CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39014
https://notcve.org/view.php?id=CVE-2022-39014
Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted. Bajo determinadas condiciones, SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - versión 430, permite a un atacante acceder a determinados parámetros confidenciales no encriptados que de otra manera estarían restringidos • https://launchpad.support.sap.com/#/notes/3217303 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32245
https://notcve.org/view.php?id=CVE-2022-32245
SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network. On successful exploitation, the attacker can view any data available for a business user and put load on the application by an automated attack. Thus, completely compromising confidentiality but causing a limited impact on the availability of the application. SAP BusinessObjects Business Intelligence Platform (Open Document) - versiones 420, 430, permite a un atacante no autenticado recuperar información confidencial en texto plano a través de la red. Si es explotado con éxito, el atacante puede visualizar cualquier dato disponible para un usuario de la empresa y poner en carga la aplicación mediante un ataque automatizado. • https://launchpad.support.sap.com/#/notes/3210823 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-35228
https://notcve.org/view.php?id=CVE-2022-35228
SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successful exploitation, the attacker can completely compromise the application. SAP BusinessObjects CMC permite a un atacante no autenticado recuperar información de tokens a través de la red que, de otro modo, estaría restringida. Esto sólo puede lograrse cuando un usuario legítimo accede a la aplicación y es producido un compromiso local, como el sniffing o la ingeniería social. • https://launchpad.support.sap.com/#/notes/3221288 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-35169
https://notcve.org/view.php?id=CVE-2022-35169
SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system causing high impact on confidentiality but a limited impact on the availability and integrity of the application. SAP BusinessObjects Business Intelligence Platform (LCM) - versiones 420, 430, permite a un atacante con un privilegio de administrador leer y descifrar la contraseña del archivo LCMBIAR bajo determinadas condiciones, permitiendo al atacante modificar la contraseña o importar el archivo a otro sistema causando un alto impacto en la confidencialidad pero un impacto limitado en la disponibilidad e integridad de la aplicación • https://launchpad.support.sap.com/#/notes/3194361 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-29619
https://notcve.org/view.php?id=CVE-2022-29619
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise be restricted. Bajo determinadas condiciones, SAP BusinessObjects Business Intelligence Platform versión 4.x - versiones 420,430 permite al usuario Administrador visualizar, editar o modificar los derechos de objetos que no posee y que de otra manera estarían restringidos • https://launchpad.support.sap.com/#/notes/3169239 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-863: Incorrect Authorization •