CVE-2022-39014 — Missing Encryption of Sensitive Data in SE SAP Businessobjects Business Intelligence Platform

CWE-311 — Missing Encryption of Sensitive Data3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.3%

top 48.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Businessobjects Business Intelligence Platform SAP Businessobjects Business Intelligence Platform

Timeline

PublishedSep 13

Latest updateSep 14

Description

Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDsap/businessobjects_business_intelligence_platform430

▶CVEListV5sap_se/sap_businessobjects_business_intelligence_platform430

🔴Vulnerability Details

GHSA

GHSA-hj3q-wfjm-9gcv: Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to acce↗2022-09-14

▶

CVEList

CVE-2022-39014: Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to acce↗2022-09-13

▶