Deserialization Vulnerability in SAP BusinessObjects BI Platform
CVE-2022-41203
Key Information:
- Vendor: SAP
- Status
- Vendor
- CVE Published: 8 November 2022
What is CVE-2022-41203?
In specific workflows of the SAP BusinessObjects BI Platform, an authenticated attacker with low privileges may exploit a deserialization vulnerability. By intercepting a serialized object in system parameters and substituting it with a malicious counterpart, the attacker can trigger the deserialization of untrusted data. This exploitation has the potential to significantly undermine the confidentiality, integrity, and availability of system data, which may lead to unauthorized access or manipulation of sensitive information.
Affected Version(s)
- SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad) = 4.2
- SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad) = 4.3