Unrestricted Access to Sensitive Parameters in SAP BusinessObjects Business Intelligence Platform
CVE-2022-39014

5.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP Businessobjects Business Intelligence Platform (cmc)
Vendor: CVE Published:; 13 September 2022

Summary

SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430 contains a vulnerability that allows attackers to gain access to sensitive parameters that should typically remain encrypted. This unauthorized access can lead to exposure of crucial data that compromises the confidentiality and security of the platform. Organizations utilizing this version of SAP BusinessObjects should take immediate action to mitigate this risk.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform (CMC) 430

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3217303

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 13, 2022
Vulnerability Reserved
Aug 29, 2022