CVE-2022-28216 — Cross-site Scripting in SE SAP Businessobjects Business Intelligence Platform

CWE-79 — Cross-site Scripting5 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

2.3%

top 15.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Businessobjects Business Intelligence Platform SAP Businessobjects Business Intelligence Platform

Timeline

PublishedApr 12

Latest updateSep 28

Description

SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network. On successful exploitation, an attacker can access certain reports causing a limited impact on confidentiality of the application data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDsap/businessobjects_business_intelligence_platform420

▶CVEListV5sap_se/sap_businessobjects_business_intelligence_platform420

🔴Vulnerability Details

GHSA

GHSA-mg87-4vhp-2x64: SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated↗2022-04-13

▶

CVEList

CVE-2022-28216: SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated↗2022-04-12

▶

🕵️Threat Intelligence

Qualys

Remediate Your Vulnerable Lenovo Systems with Qualys Custom Assessment and Remediation↗2022-09-28

▶