CVE-2022-39013

7.6HIGH

Key Information:

Vendor: SAP
Status: SAP Businessobjects Business Intelligence Platform (program Objects)
Vendor: CVE Published:; 11 October 2022

Summary

Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and low impact on integrity and availability of the application.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform (Program Objects) 420

SAP BusinessObjects Business Intelligence Platform (Program Objects) 430

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

https://launchpad.support.sap.com/#/notes/3229132

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 11, 2022
Vulnerability Reserved
Aug 29, 2022