CVE-2022-24398

CWE-200 — Information Exposure3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 47.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Business Objects Business Intelligence Platform SAP Business Objects Business Intelligence Platform

Timeline

PublishedMar 10

Latest updateMar 11

Description

Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5sap_se/sap_business_objects_business_intelligence_platform< 420+1

▶NVDsap/business_objects_business_intelligence_platform420, 430+1

🔴Vulnerability Details

GHSA

GHSA-86m4-pg86-f7gg: Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access informati↗2022-03-11

▶

CVEList

CVE-2022-24398: Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access informati↗2022-03-08

▶