CVE-2022-32246

CWE-89: SQL Injection | 3 documents | 3 sources
Severity
4.6 MEDIUM
EPSS
0.4%
top 37.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 12
Latest update: Jul 13

Description

SAP Business Objects Business Intelligence Platform (Visual Difference Application), versions 420 and 430, allows an authenticated attacker who has access to the BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impact on the confidentiality and integrity of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Exploitability: 2.1 | Impact: 2.5

🔴 Vulnerability Details

2
GHSA
GHSA-pf9w-6vm8-w2xf: SAP Business Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has acces (2022-07-13)
CVEList
CVE-2022-32246: SAP Business Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has acces (2022-07-12)