Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application.

Related CVEs

CVE-2022-29613

Key Information

GHSA ID

GHSA-6m7p-fgw9-pwr9

Published

May 12, 2022 12:01 AM

Last Modified

May 20, 2022 12:00 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 8, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.