CVE-2022-35293
First published: Wed Aug 10 2022(Updated: )
Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On successful exploitation, an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Enable Now Manager | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-35293?
CVE-2022-35293 has a limited impact on confidentiality and integrity due to insecure session management in SAP Enable Now.
How do I fix CVE-2022-35293?
To fix CVE-2022-35293, apply the latest patches provided by SAP for Enable Now Manager version 1.0.
Who is affected by CVE-2022-35293?
CVE-2022-35293 affects users of SAP Enable Now Manager version 1.0 who have not implemented security measures for session management.
What type of attack does CVE-2022-35293 enable?
CVE-2022-35293 enables an unauthenticated attacker to gain access to user accounts through insecure session management.
What impact does CVE-2022-35293 have on user data?
Upon successful exploitation of CVE-2022-35293, an attacker can view or modify user data.
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap enable now manager
- version/sap enable now manager/1.0