CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31598
https://notcve.org/view.php?id=CVE-2022-31598
12 Jul 2022 — Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. Debido a una insuficiente comprobación de entrada, SAP Business Objects - versión 420, permite que un atacante autenticado envíe una petición maliciosa mediante una operación permitida. En caso de... • https://launchpad.support.sap.com/#/notes/3213279 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32246
https://notcve.org/view.php?id=CVE-2022-32246
12 Jul 2022 — SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impact on confidentiality and integrity of the application SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versiones 420, 430, permite a un atacante autenticado que tenga acceso a l... • https://launchpad.support.sap.com/#/notes/3203079 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2020-6220
https://notcve.org/view.php?id=CVE-2020-6220
06 Jun 2022 — BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active. BI Launchpad y CMC en SAP Business Objects Business Intelligence Platform, versiones 4.1, 4.2, no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS). La... • https://launchpad.support.sap.com/#/notes/2878507 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-24398
https://notcve.org/view.php?id=CVE-2022-24398
08 Mar 2022 — Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted. En determinadas condiciones, SAP Business Objects Business Intelligence Platform - versiones 420, 430, permite que un atacante autenticado acceda a información que de otro modo estaría restringida • https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •