SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impact on confidentiality and integrity of the application
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/3203079 | Permissions Required Vendor Advisory |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
https://launchpad.support.sap.com/#/notes/3203079 | Permissions Required Vendor Advisory |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:06
Type | Values Removed | Values Added |
---|---|---|
References | () https://launchpad.support.sap.com/#/notes/3203079 - Permissions Required, Vendor Advisory | |
References | () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory |
20 Jul 2022, 18:22
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.9
v3 : 4.6 |
CPE | cpe:2.3:a:sap:business_objects_business_intelligence_platform:430:*:*:*:*:*:*:* cpe:2.3:a:sap:business_objects_business_intelligence_platform:420:*:*:*:*:*:*:* |
|
References | (MISC) https://launchpad.support.sap.com/#/notes/3203079 - Permissions Required, Vendor Advisory | |
References | (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory |
12 Jul 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-12 21:15
Updated : 2024-11-21 07:06
NVD link : CVE-2022-32246
Mitre link : CVE-2022-32246
CVE.ORG link : CVE-2022-32246
JSON object : View
Products Affected
sap
- business_objects_business_intelligence_platform
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')