Vulnerabilities > CVE-2022-35228 - Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

sap

NVD

Published: 2022-07-12

Updated: 2022-07-15

Summary

SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successful exploitation, the attacker can completely compromise the application.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Businessobjects Business Intelligence Platform 420 SAP Businessobjects Business Intelligence Platform 430	2

References

https://launchpad.support.sap.com/#/notes/3221288
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html