CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41267
https://notcve.org/view.php?id=CVE-2022-41267
SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on confidentiality, integrity, and availability of the application. SAP Business Objects Platform: versiones 420 y 430, permite a un atacante con privilegios de usuario de BI normal cargar/reemplazar cualquier archivo en el servidor de Business Objects a nivel del sistema operativo, lo que le permite al atacante tomar control total del sistema y causar un alto impacto en confidencialidad, integridad y disponibilidad de la solicitud. • https://launchpad.support.sap.com/#/notes/3239475 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41263
https://notcve.org/view.php?id=CVE-2022-41263
Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the attacker can modify information causing a limited impact on the integrity of the application. • https://launchpad.support.sap.com/#/notes/3249648 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31596
https://notcve.org/view.php?id=CVE-2022-31596
Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted. Also, a potential attack could be used to leave the CMS's scope and impact the database. A successful attack could have a low impact on confidentiality, a high impact on integrity, and a low impact on availability. Bajo ciertas condiciones, un atacante autenticado como administrador de CMS y con altos privilegios de acceso a la red en SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - versión 430, puede acceder a la base de datos de BOE Monitoring para recuperar y modificar datos (no personales) del sistema que de lo contrario estaría restringido. Además, se podría utilizar un ataque potencial para salir del alcance del CMS y afectar la base de datos. Un ataque exitoso podría tener un impacto bajo en la confidencialidad, un impacto alto en la integridad y un impacto bajo en la disponibilidad. • https://launchpad.support.sap.com/#/notes/3213507 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39013
https://notcve.org/view.php?id=CVE-2022-39013
Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and low impact on integrity and availability of the application. Bajo determinadas condiciones, un atacante autenticado puede obtener acceso a las credenciales del Sistema Operativo. Obtener acceso a las credenciales del Sistema Operativo permite al atacante modificar los datos del sistema y hacer que el sistema no esté disponible, conllevando a un alto impacto en la Confidencialidad y un bajo impacto en la Integridad y disponibilidad de la aplicación • https://launchpad.support.sap.com/#/notes/3229132 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39015
https://notcve.org/view.php?id=CVE-2022-39015
Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted. Bajo determinadas condiciones, BOE AdminTools/ BOE SDK permite a un atacante acceder a información que de otro modo estaría restringida • https://launchpad.support.sap.com/#/notes/3239293 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-668: Exposure of Resource to Wrong Sphere •