CVE-2022-31596

CWE-668 — Exposure to Wrong Sphere3 documents3 sources

Severity

6.0MEDIUM

EPSS

0.3%

top 47.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SAP Business Objects Platform (monitoring DB)SAP Business Objects Business Intelligence Platform

Timeline

PublishedDec 12

Description

Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted. Also, a potential attack could be used to leave the CMS's scope and impact the database. A successful attack could have a low impact on confidentiality, a high impact on…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:LExploitability: 1.2 | Impact: 4.7

Affected Packages2 packages

▶CVEListV5sap/sap_business_objects_platform_(monitoring_db)430

▶NVDsap/business_objects_business_intelligence_platform430

🔴Vulnerability Details

GHSA

GHSA-x9g8-86pv-45jg: Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Busin↗2022-12-12

▶

CVEList

CVE-2022-31596: Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Busin↗2022-12-12

▶