Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-31590

EPSS 0.04% · P12
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-31590

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
未经引用的搜索路径或元素
Source: NVD (National Vulnerability Database)
Vulnerability Title
SAP PowerDesigner 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SAP PowerDesigner是德国思爱普(SAP)公司的一款数据库设计软件。 SAP PowerDesigner Proxy 16.7版本存在代码问题漏洞。攻击者利用该漏洞绕过系统的根磁盘访问限制,在系统磁盘根路径上写入或创建程序文件,并提升应用程序的权限,最终导致损害系统的机密性、完整性和可用性。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
SAP SESAP PowerDesigner Proxy 16.7 16.7 -

II. Public POCs for CVE-2022-31590

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-31590

登录查看更多情报信息。

Same Patch Batch · SAP SE · 2022-06-14 · 18 CVEs total

CVE-2022-32235SAP 3D Visual Enterprise Viewer 输入验证错误漏洞
CVE-2022-32243SAP 3D Visual Enterprise Viewer 输入验证错误漏洞
CVE-2022-32242SAP 3D Visual Enterprise Viewer 输入验证错误漏洞
CVE-2022-32241SAP 3D Visual Enterprise Viewer 输入验证错误漏洞
CVE-2022-32240SAP 3D Visual Enterprise Viewer 输入验证错误漏洞
CVE-2022-32239SAP 3D Visual Enterprise Viewer 输入验证错误漏洞
CVE-2022-32238SAP 3D Visual Enterprise Viewer 输入验证错误漏洞
CVE-2022-32237SAP 3D Visual Enterprise Viewer 输入验证错误漏洞
CVE-2022-32236SAP 3D Visual Enterprise Viewer 输入验证错误漏洞
CVE-2022-27668SAP NetWeaver 和 ABAP Platform 安全漏洞
CVE-2022-31595SAP Financial Consolidation 安全漏洞
CVE-2022-31594SAP Adaptive Server Enterprise 安全漏洞
CVE-2022-31589多款SAP产品安全漏洞
CVE-2022-29618SAP NetWeaver Development Infrastructure 跨站脚本漏洞
CVE-2022-29615SAP NetWeaver Developer Studio 代码问题漏洞
CVE-2022-29614SAP NetWeaver Application Server 安全漏洞
CVE-2022-29612SAP Host Agent 代码问题漏洞

IV. Related Vulnerabilities

Same vendor: SAP SE
Same weakness: CWE-428

V. Comments for CVE-2022-31590

No comments yet

Leave a comment