CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32245
https://notcve.org/view.php?id=CVE-2022-32245
09 Aug 2022 — SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network. On successful exploitation, the attacker can view any data available for a business user and put load on the application by an automated attack. Thus, completely compromising confidentiality but causing a limited impact on the availability of the application. SAP BusinessObjects Business Intelligence Platform (Open Document)... • https://launchpad.support.sap.com/#/notes/3210823 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-35228
https://notcve.org/view.php?id=CVE-2022-35228
12 Jul 2022 — SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successful exploitation, the attacker can completely compromise the application. SAP BusinessObjects CMC permite a un atacante no autenticado recuperar información de tokens a través de la red que, de otro modo, estaría rest... • https://launchpad.support.sap.com/#/notes/3221288 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-35169
https://notcve.org/view.php?id=CVE-2022-35169
12 Jul 2022 — SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system causing high impact on confidentiality but a limited impact on the availability and integrity of the application. SAP BusinessObjects Business Intelligence Platform (LCM) - versiones 420, 430, permite a un atacante con un privilegio de a... • https://launchpad.support.sap.com/#/notes/3194361 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31591
https://notcve.org/view.php?id=CVE-2022-31591
12 Jul 2022 — SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service SAP BusinessObjects BW Publisher Service - versiones 420, 430, usa una ruta de búsqueda que contiene un elemento no citado. Un atacante local puede conseguir altos privilegios al insertar un archivo ejecutable en la ruta del servicio afectado • https://launchpad.support.sap.com/#/notes/3167430 • CWE-428: Unquoted Search Path or Element •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-29619
https://notcve.org/view.php?id=CVE-2022-29619
12 Jul 2022 — Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise be restricted. Bajo determinadas condiciones, SAP BusinessObjects Business Intelligence Platform versión 4.x - versiones 420,430 permite al usuario Administrador visualizar, editar o modificar los derechos de objetos que no posee y que de otra manera estarían restringidos • https://launchpad.support.sap.com/#/notes/3169239 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-28214
https://notcve.org/view.php?id=CVE-2022-28214
11 May 2022 — During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Availability. Durante una actualización de SAP BusinessObjects Enterprise, Central Management Server (CMS) - versiones 420, 430, las credenciales de autenticación están siendo expuestas en los registros de eventos de Sysmon. Esta divulgación ... • https://launchpad.support.sap.com/#/notes/2998510 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-27671
https://notcve.org/view.php?id=CVE-2022-27671
12 Apr 2022 — A CSRF token visible in the URL may possibly lead to information disclosure vulnerability. Un token de tipo CSRF visible en la URL podría conllevar a una vulnerabilidad de divulgación de información • https://launchpad.support.sap.com/#/notes/3130497 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28216
https://notcve.org/view.php?id=CVE-2022-28216
12 Apr 2022 — SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network. On successful exploitation, an attacker can access certain reports causing a limited impact on confidentiality of the application data. SAP BusinessObjects Business Intelligence Platform (BI Workspace) - versión 420, es susceptible de sufrir un ataque de tipo Cross-Site Scripting por par... • https://launchpad.support.sap.com/#/notes/3150845 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 2%CPEs: 2EXPL: 3CVE-2022-28213 – SAP BusinessObjects Intelligence 4.3 - XML External Entity (XXE)
https://notcve.org/view.php?id=CVE-2022-28213
12 Apr 2022 — When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS. Cuando un usuario accede a servicios web SOAP en SAP BusinessObjects Business Intelligence Platform - versión 420, 430, no se comprueba suficientemente el documento XML aceptado desde una fuente no confiable, lo que ... • https://packetstorm.news/files/id/167046 • CWE-112: Missing XML Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22541
https://notcve.org/view.php?id=CVE-2022-22541
12 Apr 2022 — SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. The main impact is the disclosure of company data to people that shouldn't or don't need to have access. SAP BusinessObjects Business Intelligence Platform - versiones 420, 430, puede permitir a usuarios legítimos acceder a información que no deberían ver mediante conexiones relacionales u OLAP. El principal impacto es la divulgac... • https://launchpad.support.sap.com/#/notes/3137191 • CWE-213: Exposure of Sensitive Information Due to Incompatible Policies •