CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-35169
https://notcve.org/view.php?id=CVE-2022-35169
12 Jul 2022 — SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system causing high impact on confidentiality but a limited impact on the availability and integrity of the application. SAP BusinessObjects Business Intelligence Platform (LCM) - versiones 420, 430, permite a un atacante con un privilegio de a... • https://launchpad.support.sap.com/#/notes/3194361 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-29619
https://notcve.org/view.php?id=CVE-2022-29619
12 Jul 2022 — Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise be restricted. Bajo determinadas condiciones, SAP BusinessObjects Business Intelligence Platform versión 4.x - versiones 420,430 permite al usuario Administrador visualizar, editar o modificar los derechos de objetos que no posee y que de otra manera estarían restringidos • https://launchpad.support.sap.com/#/notes/3169239 • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-27671
https://notcve.org/view.php?id=CVE-2022-27671
12 Apr 2022 — A CSRF token visible in the URL may possibly lead to information disclosure vulnerability. Un token de tipo CSRF visible en la URL podría conllevar a una vulnerabilidad de divulgación de información • https://launchpad.support.sap.com/#/notes/3130497 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 8.1EPSS: 2%CPEs: 2EXPL: 3CVE-2022-28213 – SAP BusinessObjects Intelligence 4.3 - XML External Entity (XXE)
https://notcve.org/view.php?id=CVE-2022-28213
12 Apr 2022 — When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS. Cuando un usuario accede a servicios web SOAP en SAP BusinessObjects Business Intelligence Platform - versión 420, 430, no se comprueba suficientemente el documento XML aceptado desde una fuente no confiable, lo que ... • https://packetstorm.news/files/id/167046 • CWE-112: Missing XML Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22541
https://notcve.org/view.php?id=CVE-2022-22541
12 Apr 2022 — SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. The main impact is the disclosure of company data to people that shouldn't or don't need to have access. SAP BusinessObjects Business Intelligence Platform - versiones 420, 430, puede permitir a usuarios legítimos acceder a información que no deberían ver mediante conexiones relacionales u OLAP. El principal impacto es la divulgac... • https://launchpad.support.sap.com/#/notes/3137191 • CWE-213: Exposure of Sensitive Information Due to Incompatible Policies •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27667
https://notcve.org/view.php?id=CVE-2022-27667
12 Apr 2022 — Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. Bajo determinadas condiciones, la plataforma SAP BusinessObjects Business Intelligence, Client Management Console (CMC) - versión 430, permite a un atacante acceder a información que de otra manera estaría restringida, conllevando a una Divulgación de Información • https://launchpad.support.sap.com/#/notes/3145769 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •