
CVE-2022-31596

 

Severity Score

6.0
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Under certain conditions, an attacker authenticated as a CMS administrator and with high-privilege access to the network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access the BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted. Also, a potential attack could be used to leave the CMS's scope and impact the database.



A successful attack could have a low impact on confidentiality, a high impact on integrity, and a low impact on availability.


*Credits: N/A
CVSS Scores
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: High
Availability: Low
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-05-24 CVE Reserved
  • 2022-12-12 CVE Published
  • 2024-07-04 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-668: Exposure of Resource to Wrong Sphere
CAPEC
Affected Vendors, Products, and Versions
Vendor: Sap
Product: Business Objects Business Intelligence Platform
Version: 430
Other: -
Status: Affected