Vulnerabilities > CVE-2022-32246 - Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430

CVSS 4.6 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2022-07-12

Updated: 2024-11-21

Summary

SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impact on confidentiality and integrity of the application

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Business Objects Business Intelligence Platform 430 SAP Business Objects Business Intelligence Platform 420	2

References

https://launchpad.support.sap.com/#/notes/3203079
https://launchpad.support.sap.com/#/notes/3203079
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html