OS Credentials Exposure in SAP Products by SAP
CVE-2022-39013

7.6HIGH

Key Information:

Vendor: SAP
Status: SAP Businessobjects Business Intelligence Platform (program Objects)
Vendor: CVE Published:; 11 October 2022

What is CVE-2022-39013?

An authenticated attacker may exploit a vulnerability in SAP products to access underlying operating system credentials. This access can lead to unauthorized modifications of system data, potentially resulting in significant breaches of confidentiality while posing risks to the integrity and availability of affected applications. Organizations utilizing affected SAP products should assess their security posture and implement necessary protective measures.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform (Program Objects) 420

SAP BusinessObjects Business Intelligence Platform (Program Objects) 430

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

https://launchpad.support.sap.com/#/notes/3229132

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2022
Vulnerability Reserved
Aug 29, 2022