CVE-2022-41263
https://notcve.org/view.php?id=CVE-2022-41263
Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the attacker can modify information causing a limited impact on the integrity of the application. • https://launchpad.support.sap.com/#/notes/3249648 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-39013
https://notcve.org/view.php?id=CVE-2022-39013
Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and low impact on integrity and availability of the application. • https://launchpad.support.sap.com/#/notes/3229132 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-39015
https://notcve.org/view.php?id=CVE-2022-39015
Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted. • https://launchpad.support.sap.com/#/notes/3239293 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2022-31598
https://notcve.org/view.php?id=CVE-2022-31598
Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. • https://launchpad.support.sap.com/#/notes/3213279 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2022-32246
https://notcve.org/view.php?id=CVE-2022-32246
SAP Business Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impact on confidentiality and integrity of the application. • https://launchpad.support.sap.com/#/notes/3203079 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •