The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is prior to 4.2 SP9 P6, 4.3 SP1 P11, 4.3 SP2 or 4.3 SP3. It is, therefore, affected by a vulnerability:
Note that Nessus has not attempted to exploit these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(169747);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/01/11");
script_cve_id("CVE-2022-24398");
script_xref(name:"IAVA", value:"2022-A-0104");
script_name(english:"SAP BusinessObjects Business Intelligence Platform 4.2 < 4.2 SP9 P6 / 4.3 < 4.3 SP1 P11 Information Disclosure");
script_set_attribute(attribute:"synopsis", value:
"SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is affected by an information disclosure vulnerability");
script_set_attribute(attribute:"description", value:
"The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is prior to
4.2 SP9 P6, 4.3 SP1 P11, 4.3 SP2 or 4.3 SP3. It is, therefore, affected by a vulnerability:
- Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an
authenticated attacker to access information which would otherwise be restricted. (CVE-2022-24398)
Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's
self-reported version number.");
# https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?18f404d5");
script_set_attribute(attribute:"see_also", value:"https://launchpad.support.sap.com/#/notes/3103424");
script_set_attribute(attribute:"solution", value:
"See vendor advisories.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-24398");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/03/08");
script_set_attribute(attribute:"patch_publication_date", value:"2022/03/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:sap:businessobjects_business_intelligence_platform");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("sap_business_objects_intelligence_platform_win_installed.nbin");
script_require_keys("installed_sw/SAP BusinessObjects Business Intelligence Platform", "SMB/Registry/Enumerated");
exit(0);
}
include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
var app_info = vcf::get_app_info(app:'SAP BusinessObjects Business Intelligence Platform', win_local:TRUE);
# https://launchpad.support.sap.com/#/notes/0001602088 for translations
# 4.2 SP9 P6, 4.3 SP1 P11, 4.3 SP2, 4.3 SP3
var constraints = [
{ 'min_version': '14.2', 'fixed_version' : '14.2.9.4130', 'fixed_display': '4.2 SP009 000600'},
{ 'min_version': '14.3', 'fixed_version' : '14.3.1.4142', 'fixed_display': '4.3 SP001 001100 / 4.3 SP002 000000 / 4.3 SP003 000000'}
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);
Vendor | Product | Version | CPE |
---|---|---|---|
sap | businessobjects_business_intelligence_platform | cpe:/a:sap:businessobjects_business_intelligence_platform |