CVE-2022-35228
published 2022-07-12CVE-2022-35228: SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be…
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successful exploitation, the attacker can completely compromise the application.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | businessobjects_business_intelligence_platform | — | — |
| sap | businessobjects_business_intelligence_platform | — | — |
| sap_se | sap_businessobjects_business_intelligence_platform | — | — |
| sap_se | sap_businessobjects_business_intelligence_platform | — | — |