CVE-2022-35296

CWE-200 — Information Exposure3 documents3 sources

Severity

4.9MEDIUM

EPSS

0.4%

top 37.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Businessobjects Business Intelligence Platform (version Management System)SAP Businessobjects Business Intelligence

Timeline

PublishedOct 11

Latest updateOct 12

Description

Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5sap_se/sap_businessobjects_business_intelligence_platform_(version_management_system)420, 430+1

▶NVDsap/businessobjects_business_intelligence420, 430+1

🔴Vulnerability Details

GHSA

GHSA-q89h-8c3m-4535: Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information↗2022-10-12

▶

CVEList

CVE-2022-35296: Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information↗2022-10-11

▶