CVE-2022-41263

CWE-352 — Cross-Site Request Forgery (CSRF)CWE-287 — Improper Authentication3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 73.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Business Objects Business Intelligence Platform (web Intelligence)SAP Business Objects Business Intelligence Platform

Timeline

PublishedDec 12

Latest updateDec 13

Description

Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the attacker can modify information causing a limited impact on the integrity of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDsap/business_objects_business_intelligence_platform420, 430+1

▶CVEListV5sap/business_objects_business_intelligence_platform_(web_intelligence)420, 430+1

🔴Vulnerability Details

GHSA

GHSA-f92h-c5mh-qv8v: Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authentic↗2022-12-13

▶

CVEList

CVE-2022-41263: Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authentic↗2022-12-12

▶