First published: Wed Feb 09 2022
SAP NetWeaver AS ABAP (Workplace Server), versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries that could expose the backend database. A successful attack could result in disclosure of a table of contents from the system, but there is no risk of modification.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
SAP NetWeaver Application Server ABAP | =700 | |
SAP NetWeaver Application Server ABAP | =701 | |
SAP NetWeaver Application Server ABAP | =702 | |
SAP NetWeaver Application Server ABAP | =731 | |
SAP NetWeaver Application Server ABAP | =740 | |
SAP NetWeaver Application Server ABAP | =750 | |
SAP NetWeaver Application Server ABAP | =751 | |
SAP NetWeaver Application Server ABAP | =752 | |
SAP NetWeaver Application Server ABAP | =753 | |
SAP NetWeaver Application Server ABAP | =754 | |
SAP NetWeaver Application Server ABAP | =755 | |
SAP NetWeaver Application Server ABAP | =756 | |
SAP NetWeaver Application Server ABAP | =787 | |
CVE-2022-22540 is a vulnerability in SAP NetWeaver AS ABAP (Workplace Server) that allows an attacker to execute crafted database queries and potentially expose the backend database.
Versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, and 787 of SAP NetWeaver AS ABAP are affected by CVE-2022-22540.
CVE-2022-22540 has a severity rating of 7.5 (high).
An attacker can exploit CVE-2022-22540 by executing crafted database queries.
More information about CVE-2022-22540 is available at the following references: [Reference 1](https://launchpad.support.sap.com/#/notes/3140587) and [Reference 2](https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html).