CVE-2022-35291

CVE-2022-35291

Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successful exploitation, the attacker can read/write attachments. Thus, compromising the confidentiality and integrity of the application

Source: CVE-2022-35291

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다