CVE-2022-41275 - Vulnerability Details - OpenCVE

In SAP Solution Manager (Enterprise Search) - versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that could read or modify sensitive information, or expose the user to a phishing attack, with little impact on confidentiality and integrity.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Sap	Solution Manager

Configuration 1 [-]

OR	cpe:2.3:a:sap:solution_manager:740:::::::*
	cpe:2.3:a:sap:solution_manager:750:::::::*

No data.

References

Link	Providers
https://launchpad.support.sap.com/#/notes/3271313
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

History

Fri, 18 Apr 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: sap

Published: 2022-12-13T03:14:09.574Z

Updated: 2025-04-18T16:00:27.417Z

Reserved: 2022-09-21T16:20:14.953Z

Link: CVE-2022-41275

Vulnrichment

Updated: 2024-08-03T12:42:45.882Z

NVD

Status : Modified

Published: 2022-12-13T04:15:25.353

Modified: 2024-11-21T07:22:57.793

Link: CVE-2022-41275

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-41275", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "requesterUserId": "048f1e0a-8756-40de-bd1f-51292c7183c7", "dateReserved": "2022-09-21T16:20:14.953Z", "datePublished": "2022-12-13T03:14:09.574Z", "dateUpdated": "2025-04-18T16:00:27.417Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Solution Manager (Enterprise Search)", "vendor": "SAP", "versions": [{"status": "affected", "version": "740"}, {"status": "affected", "version": "750"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In SAP Solution Manager (Enterprise Search) - versions 740, and 750, <span style=\"background-color: white;\">an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that could read or modify sensitive information, or expose the user to a phishing attack, with little impact on confidentiality and integrity.</span><br>"}], "value": "In SAP Solution\u00a0Manager (Enterprise Search) -\u00a0versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that could read or modify sensitive information, or expose the user to a phishing attack, with little impact on confidentiality and integrity.\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2022-12-13T03:14:09.574Z"}, "references": [{"url": "https://launchpad.support.sap.com/#/notes/3271313"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:42:45.882Z"}, "title": "CVE Program Container", "references": [{"url": "https://launchpad.support.sap.com/#/notes/3271313", "tags": ["x_transferred"]}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-18T15:58:51.408585Z", "id": "CVE-2022-41275", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-18T16:00:27.417Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-41275", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "requesterUserId": "048f1e0a-8756-40de-bd1f-51292c7183c7", "dateReserved": "2022-09-21T16:20:14.953Z", "datePublished": "2022-12-13T03:14:09.574Z", "dateUpdated": "2025-04-18T16:00:27.417Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Solution Manager (Enterprise Search)", "vendor": "SAP", "versions": [{"status": "affected", "version": "740"}, {"status": "affected", "version": "750"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In SAP Solution Manager (Enterprise Search) - versions 740, and 750, <span style=\"background-color: white;\">an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that could read or modify sensitive information, or expose the user to a phishing attack, with little impact on confidentiality and integrity.</span><br>"}], "value": "In SAP Solution\u00a0Manager (Enterprise Search) -\u00a0versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that could read or modify sensitive information, or expose the user to a phishing attack, with little impact on confidentiality and integrity.\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2022-12-13T03:14:09.574Z"}, "references": [{"url": "https://launchpad.support.sap.com/#/notes/3271313"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:42:45.882Z"}, "title": "CVE Program Container", "references": [{"url": "https://launchpad.support.sap.com/#/notes/3271313", "tags": ["x_transferred"]}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-41275", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-18T15:58:51.408585Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-18T15:58:58.725Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:solution_manager:740:*:*:*:*:*:*:*", "matchCriteriaId": "E7F6260A-D105-40B6-A851-B64FEDA2B714", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:solution_manager:750:*:*:*:*:*:*:*", "matchCriteriaId": "9DF74FCA-CC28-4C2B-84A1-73EC4EE38D14", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In SAP Solution\u00a0Manager (Enterprise Search) -\u00a0versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that could read or modify sensitive information, or expose the user to a phishing attack, with little impact on confidentiality and integrity.\n"}, {"lang": "es", "value": "En SAP Solution Manager (Enterprise Search), versiones 740 y 750, un atacante no autenticado puede generar un enlace que, si un usuario que ha iniciado sesi\u00f3n hace clic en \u00e9l, puede ser redirigido a una p\u00e1gina maliciosa que podr\u00eda leer o modificar informaci\u00f3n confidencial, o exponer al usuario a un ataque de phishing, con poco impacto en la confidencialidad e integridad."}], "id": "CVE-2022-41275", "lastModified": "2024-11-21T07:22:57.793", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "cna@sap.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-13T04:15:25.353", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/3271313"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/3271313"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "cna@sap.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}