CVE-2022-35296

4.9MEDIUM

Key Information:

Vendor: SAP
Status: SAP Businessobjects Business Intelligence Platform (version Management System)
Vendor: CVE Published:; 11 October 2022

Summary

Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform (Version Management System) 420

SAP BusinessObjects Business Intelligence Platform (Version Management System) 430

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

https://launchpad.support.sap.com/#/notes/3233226

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 11, 2022
Vulnerability Reserved
Jul 7, 2022