SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impact on confidentiality and integrity of the application
References
| Link | Resource |
|---|---|
| https://launchpad.support.sap.com/#/notes/3203079 | Permissions Required Vendor Advisory |
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Jul 2022, 18:22
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Sap
Sap business Objects Business Intelligence Platform |
|
| CVSS |
v2 : v3 : |
v2 : 4.9
v3 : 4.6 |
| CPE | cpe:2.3:a:sap:business_objects_business_intelligence_platform:430:*:*:*:*:*:*:* cpe:2.3:a:sap:business_objects_business_intelligence_platform:420:*:*:*:*:*:*:* |
|
| References | (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory | |
| References | (MISC) https://launchpad.support.sap.com/#/notes/3203079 - Permissions Required, Vendor Advisory |
12 Jul 2022, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-07-12 21:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-32246
Mitre link : CVE-2022-32246
CVE.ORG link : CVE-2022-32246
JSON object : View
Products Affected
sap
- business_objects_business_intelligence_platform
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')