OS Credentials Exposure in SAP Products by SAP
CVE-2022-39013

7.6HIGH

Key Information:

Vendor
SAP
Status
SAP Businessobjects Business Intelligence Platform (program Objects)
Vendor
CVE Published:
11 October 2022

Summary

An authenticated attacker may exploit a vulnerability in SAP products to access underlying operating system credentials. This access can lead to unauthorized modifications of system data, potentially resulting in significant breaches of confidentiality while posing risks to the integrity and availability of affected applications. Organizations utilizing affected SAP products should assess their security posture and implement necessary protective measures.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform (Program Objects) 420

SAP BusinessObjects Business Intelligence Platform (Program Objects) 430

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...
https://launchpad.support.sap.com/#/notes/3229132

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.