CVE-2022-41205
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-41205
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
SAP GUI 代码注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SAP GUI是德国思爱普(SAP)公司的一个应用软件。SAP系统的图形用户界面。 SAP GUI存在代码注入漏洞,该漏洞源于其允许经过身份验证的攻击者在本地网络中执行脚本。成功利用后,攻击者可以获得对注册中心的访问权,这可能对机密性造成有限的影响,但对应用程序的可用性产生很大的影响。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SAP SE | SAP GUI for Windows | = 7.70 | - |
II. Public POCs for CVE-2022-41205
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-41205
请登录查看更多情报信息。
Same Patch Batch · SAP SE · 2022-11-08 · 11 CVEs total
| CVE-2022-41214 | 8.7 HIGH | SAP NetWeaver和SAP NetWeaver Application Server 输入验证错误漏洞 |
| CVE-2022-41211 | 7.0 HIGH | SAP 3D Visual Enterprise Viewer和SAP 3D Visual Enterprise Author 缓冲区错误漏洞 |
| CVE-2022-41258 | 6.5 MEDIUM | SAP Financial Consolidation 跨站脚本漏洞 |
| CVE-2022-41260 | 6.1 MEDIUM | SAP Financial Consolidation 跨站脚本漏洞 |
| CVE-2022-41208 | 5.4 MEDIUM | SAP Financial Consolidation 跨站脚本漏洞 |
| CVE-2022-41215 | 4.7 MEDIUM | SAP NetWeaver和SAP NetWeaver ABAP Server 输入验证错误漏洞 |
| CVE-2022-41203 | SAP BusinessObjects BI Platform 代码问题漏洞 | |
| CVE-2022-41207 | SAP Biller Direct 输入验证错误漏洞 | |
| CVE-2022-41212 | SAP NetWeaver和SAP NetWeaver Application Server 路径遍历漏洞 | |
| CVE-2022-41259 | SAP SQL Anywhere 安全漏洞 |
IV. Related Vulnerabilities
Same product: SAP GUI for Windows
- CVE-2025-42888
Information Disclosure vulnerability in SAP GUI for Windows - CVE-2025-42943
Information Disclosure in SAP GUI for Windows - CVE-2025-42979
Insecure Key & Secret Management vulnerability in SAP GUI fo - CVE-2025-43005
Information Disclosure vulnerability in SAP GUI for Windows - CVE-2025-24870
Insecure Key & Secret Management vulnerability in SAP GUI fo
Same vendor: SAP SE
- CVE-2025-42956
Multiple vulnerabilities in SAP NetWeaver Application Server - CVE-2023-36920
Clickjacking vulnerability in SAP Enable Now - CVE-2023-40307
Privileges Memory Corruption (Out-of-bound write) - CVE-2023-40306
URL Redirection vulnerability in SAP S/4HANA (Manage Catalog - CVE-2022-41212
SAP NetWeaver和SAP NetWeaver Application Server 路径遍历漏洞
Same weakness: CWE-94
- CVE-2021-47939
Evolution CMS 3.1.6 Authenticated Remote Code Execution via - CVE-2021-47938
ImpressCMS 1.4.2 Remote Code Execution via Autotasks - CVE-2021-47935
Sentry 8.2.0 Remote Code Execution via Pickle Deserializatio - CVE-2022-50944
Aero CMS 0.0.1 PHP Code Injection via posts.php - CVE-2026-8211
codelibs Fess JSP File AdminDesignAction.java update code in
V. Comments for CVE-2022-41205
No comments yet