CVE-2022-35169

Published: Jul 12, 2022Modified: Nov 21, 2024

6.0

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

Exploitability: 1.2 / Impact: 4.7

Source: NVD

Description

SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system causing high impact on confidentiality but a limited impact on the availability and integrity of the application.

Affected (2)

Products: Sap: Businessobjects Business Intelligence Platform

1 product

Businessobjects Business Intelligence Platform

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Sap Businessobjects Business Intelligence Platform	Version 420
Sap Businessobjects Business Intelligence Platform	Version 430

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://launchpad.support.sap.com/#/notes/3194361

Source: cna@sap.com

Permissions RequiredVendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/3194361

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.