Vulnerability Description
An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability affects local users and data, leading to a considerable impact on confidentiality as well as availability and a limited impact on the integrity of the application. These operations can be used to: * Read any information * Modify sensitive information * Denial of Service attacks (DoS) * SQL Injection
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Netweaver Process Integration | 7.50 |
Related Weaknesses (CWE)
References
- https://launchpad.support.sap.com/#/notes/3267780Permissions RequiredVendor Advisory
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory
- https://launchpad.support.sap.com/#/notes/3267780Permissions RequiredVendor Advisory
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory
FAQ
What is CVE-2022-41271?
CVE-2022-41271 is a vulnerability with a CVSS score of 9.4 (CRITICAL). An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming ...
How severe is CVE-2022-41271?
CVE-2022-41271 has been rated CRITICAL with a CVSS base score of 9.4/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-41271?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Netweaver Process Integration.