HIGH🇵🇱 Wersja polska

CVE-2022-22530

CVSS 8.1v3.1pub. 2022-01-14upd. 2026-02-24

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being modified or completely compromise the availability of the application.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
  • Sap S\/4hana

    APP
    Sap
    100101102103104105106
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-0488CRITICAL9.9PL ✓ten sam produkt

SAP CRM / S/4HANA Scripting Editor — nieautoryzowane wykonanie SQL

CVE-2022-22531HIGH8.1ten sam produkt

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does ...

CVE-2021-38176HIGH8.8ten sam produkt

Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call N...

CVE-2026-27679MEDIUM6.5ten sam produkt

Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), a...

CVE-2026-34264MEDIUM6.5ten sam produkt

During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messa...