CVE-2022-32246
MEDIUMSAP Business Objects BI Platform 4.2/4.3 - Authenticated SQL Injection
Title source: llmDescription
SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impact on confidentiality and integrity of the application
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/3203079
Scores
CVSS v3
4.6
EPSS
0.0043
EPSS Percentile
62.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Details
CWE
CWE-89
Status
published
Products (2)
sap/business_objects_business_intelligence_platform
420
sap/business_objects_business_intelligence_platform
430
Published
Jul 12, 2022
Tracked Since
Feb 18, 2026