Vulnerability CVE-2022-31598

Vulnerability CVE-2022-31598

Published: 2022-07-12

Description:

Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

Type:

CWE-345

(Insufficient Verification of Data Authenticity)

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.9/10	4.9/10	6.8/10

Exploit range	Attack complexity	Authentication
Remote	Medium	Single time
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	None

Affected software
SAP -> Business objects business intelligence platform

References:

https://launchpad.support.sap.com/#/notes/3213279

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Copyright 2024, cxsecurity.com