CVE-2022-41203

9.9CRITICAL

Key Information:

Vendor: SAP
Status: SAP Businessobjects Business Intelligence Platform (central Management Console And Bi LauncHPad)
Vendor: CVE Published:; 8 November 2022

Summary

In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserialization of untrusted data vulnerability. This could highly compromise the Confidentiality, Integrity, and Availability of the system.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad) = 4.2 = 4.2

SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad) = 4.3 = 4.3

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

https://launchpad.support.sap.com/#/notes/3243924

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 8, 2022
Vulnerability Reserved
Sep 21, 2022