CVE-2022-35296

MEDIUM

SAP BusinessObjects Business Intelligence Platform - Exposure of Sensitive Information via Version Management System

Title source: llm

Description

Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality.

References (2)

Core 2

Core References

Permissions Required, Vendor Advisory

https://launchpad.support.sap.com/#/notes/3233226

Vendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Scores

CVSS v3 4.9

EPSS 0.0029

EPSS Percentile 52.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (2)

sap/businessobjects_business_intelligence 420

sap/businessobjects_business_intelligence 430

Published Oct 11, 2022

Tracked Since Feb 18, 2026