Sensitive Information Exposure in SAP BusinessObjects Business Intelligence Platform
CVE-2022-35296

4.9MEDIUM

Key Information:

Vendor: SAP
Status: SAP Businessobjects Business Intelligence Platform (version Management System)
Vendor: CVE Published:; 11 October 2022

What is CVE-2022-35296?

The SAP BusinessObjects Business Intelligence Platform contains a vulnerability that under specific conditions allows unauthorized actors with high privileges to access sensitive information over the network. This exposure significantly compromises the confidentiality of the data, potentially leading to severe repercussions for organizations relying on the platform for data analytics and reporting.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform (Version Management System) 420

SAP BusinessObjects Business Intelligence Platform (Version Management System) 430

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

https://launchpad.support.sap.com/#/notes/3233226

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2022
Vulnerability Reserved
Jul 7, 2022