CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39800
https://notcve.org/view.php?id=CVE-2022-39800
11 Oct 2022 — SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. SAP BusinessObjects BI LaunchPad - versiones 420, 430, es susceptible de sufrir un ataque de ejecución de scripts por parte de un atacante no autenticado ... • https://launchpad.support.sap.com/#/notes/3211161 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-35296
https://notcve.org/view.php?id=CVE-2022-35296
11 Oct 2022 — Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality. Bajo determinadas condiciones, la aplicación SAP BusinessObjects Business Intelligence Platform (Version Management System) expone información confidencial a un actor a través de la red con altos ... • https://launchpad.support.sap.com/#/notes/3233226 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32244
https://notcve.org/view.php?id=CVE-2022-32244
13 Sep 2022 — Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve (non-personal) system data, modify system data but can't make the system unavailable. This needs the attacker to have high privilege access to the same physical/logical network to access information which would otherwise be restricted, leading to low impact on confidentiality and high impact on integrity of the application. Bajo determinadas condiciones, un atacante autenticado como admi... • https://launchpad.support.sap.com/#/notes/3213524 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39014
https://notcve.org/view.php?id=CVE-2022-39014
13 Sep 2022 — Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted. Bajo determinadas condiciones, SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - versión 430, permite a un atacante acceder a determinados parámetros confidenciales no encriptados que de otra manera estarían restringidos • https://launchpad.support.sap.com/#/notes/3217303 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32245
https://notcve.org/view.php?id=CVE-2022-32245
09 Aug 2022 — SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network. On successful exploitation, the attacker can view any data available for a business user and put load on the application by an automated attack. Thus, completely compromising confidentiality but causing a limited impact on the availability of the application. SAP BusinessObjects Business Intelligence Platform (Open Document)... • https://launchpad.support.sap.com/#/notes/3210823 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-35228
https://notcve.org/view.php?id=CVE-2022-35228
12 Jul 2022 — SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successful exploitation, the attacker can completely compromise the application. SAP BusinessObjects CMC permite a un atacante no autenticado recuperar información de tokens a través de la red que, de otro modo, estaría rest... • https://launchpad.support.sap.com/#/notes/3221288 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-35169
https://notcve.org/view.php?id=CVE-2022-35169
12 Jul 2022 — SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system causing high impact on confidentiality but a limited impact on the availability and integrity of the application. SAP BusinessObjects Business Intelligence Platform (LCM) - versiones 420, 430, permite a un atacante con un privilegio de a... • https://launchpad.support.sap.com/#/notes/3194361 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-31591
https://notcve.org/view.php?id=CVE-2022-31591
12 Jul 2022 — SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service SAP BusinessObjects BW Publisher Service - versiones 420, 430, usa una ruta de búsqueda que contiene un elemento no citado. Un atacante local puede conseguir altos privilegios al insertar un archivo ejecutable en la ruta del servicio afectado • https://launchpad.support.sap.com/#/notes/3167430 • CWE-428: Unquoted Search Path or Element •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-29619
https://notcve.org/view.php?id=CVE-2022-29619
12 Jul 2022 — Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise be restricted. Bajo determinadas condiciones, SAP BusinessObjects Business Intelligence Platform versión 4.x - versiones 420,430 permite al usuario Administrador visualizar, editar o modificar los derechos de objetos que no posee y que de otra manera estarían restringidos • https://launchpad.support.sap.com/#/notes/3169239 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-28214
https://notcve.org/view.php?id=CVE-2022-28214
11 May 2022 — During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Availability. Durante una actualización de SAP BusinessObjects Enterprise, Central Management Server (CMS) - versiones 420, 430, las credenciales de autenticación están siendo expuestas en los registros de eventos de Sysmon. Esta divulgación ... • https://launchpad.support.sap.com/#/notes/2998510 • CWE-312: Cleartext Storage of Sensitive Information •