CVE-2022-32246

SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impact on confidentiality and integrity of the application
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:business_objects_business_intelligence_platform:420:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_objects_business_intelligence_platform:430:*:*:*:*:*:*:*

History

21 Nov 2024, 07:06

Type Values Removed Values Added
References () https://launchpad.support.sap.com/#/notes/3203079 - Permissions Required, Vendor Advisory () https://launchpad.support.sap.com/#/notes/3203079 - Permissions Required, Vendor Advisory
References () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory

20 Jul 2022, 18:22

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 4.9
v3 : 4.6
CPE cpe:2.3:a:sap:business_objects_business_intelligence_platform:430:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_objects_business_intelligence_platform:420:*:*:*:*:*:*:*
References (MISC) https://launchpad.support.sap.com/#/notes/3203079 - (MISC) https://launchpad.support.sap.com/#/notes/3203079 - Permissions Required, Vendor Advisory
References (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory

12 Jul 2022, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-07-12 21:15

Updated : 2024-11-21 07:06


NVD link : CVE-2022-32246

Mitre link : CVE-2022-32246

CVE.ORG link : CVE-2022-32246


JSON object : View

Products Affected

sap

  • business_objects_business_intelligence_platform
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')