Unauthorized Access Vulnerability in SAP BusinessObjects Business Intelligence Platform
CVE-2022-31596

6MEDIUM

Key Information:

Vendor: SAP
Status: SAP Business Objects Platform (monitoring Db)
Vendor: CVE Published:; 12 December 2022

Summary

An authenticated attacker with high privileges on the SAP BusinessObjects Business Intelligence Platform can exploit a flaw to gain unauthorized access to the Monitoring database. This could allow them to retrieve and alter non-personal system data that would normally be restricted, potentially leading to integrity issues. Notably, the attack may extend beyond the CMS's scope, impacting the database itself and posing substantial security risks.

Affected Version(s)

SAP Business Objects Platform (Monitoring DB) 430

References

https://launchpad.support.sap.com/#/notes/3213507

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 12, 2022
Vulnerability Reserved
May 24, 2022