Lucene search

[email protected]NVD:CVE-2022-41206

HistoryOct 11, 2022 - 9:15 p.m.

CVE-2022-41206

2022-10-1121:15:26

CWE-79

[email protected]

web.nvd.nist.gov

sap

businessobjects

olap

vulnerability

central management console

confidentiality

integrity

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

23.0%

JSON

SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful exploitation, there could be a limited impact on confidentiality and integrity of the application.

Affected configurations

NVD

Node

sapbusinessobjects_business_intelligenceMatch420

sapbusinessobjects_business_intelligenceMatch430

References

launchpad.support.sap.com/#/notes/3229425

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html