CVE-2022-35169 — Sensitive Information Exposure in SE SAP Businessobjects Business Intelligence Platform

CWE-200 — Sensitive Information Exposure5 documents4 sources

Severity

6.0MEDIUMNVD

EPSS

0.4%

top 37.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Businessobjects Business Intelligence Platform SAP Businessobjects Business Intelligence Platform

Timeline

PublishedJul 12

Latest updateOct 15

Description

SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system causing high impact on confidentiality but a limited impact on the availability and integrity of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:LExploitability: 1.2 | Impact: 4.7

Affected Packages2 packages

▶NVDsap/businessobjects_business_intelligence_platform420, 430+1

▶CVEListV5sap_se/sap_businessobjects_business_intelligence_platform420, 430+1

🔴Vulnerability Details

GHSA

GHSA-hfqp-3m4c-35gc: SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR f↗2022-07-13

▶

CVEList

CVE-2022-35169: SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR f↗2022-07-12

▶

📋Vendor Advisories

Oracle

Oracle Oracle GoldenGate Risk Matrix: Oracle GoldenGate Microservices (Dell BSAFE Micro Edition Suite) — CVE-2020-35169↗2022-10-15

▶

Oracle

Oracle Oracle Database Server Risk Matrix: Oracle Database - Enterprise Edition — CVE-2020-35169↗2022-07-15

▶