CVE-2022-28214

CWE-312 — Cleartext Storage of Sensitive Info3 documents3 sources

Severity

7.8HIGH

EPSS

0.0%

top 92.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Businessobjects Enterprise (central Management Server)SAP Businessobjects SAP Businessobjects Business Intelligence

Timeline

PublishedMay 11

Latest updateMay 12

Description

During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5sap_se/sap_businessobjects_enterprise_(central_management_server)420, 430+1

▶NVDsap/businessobjects420, 430+1

▶NVDsap/businessobjects_business_intelligence420, 430+1

🔴Vulnerability Details

GHSA

GHSA-vfrh-2hh5-c79g: During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed↗2022-05-12

▶

CVEList

CVE-2022-28214: During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed↗2022-05-11

▶