Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistSapCVELIST:CVE-2022-32244
HistorySep 13, 2022 - 7:24 p.m.

CVE-2022-32244

2022-09-1319:24:35
CWE-200
sap
www.cve.org
cms administrator
boe commentary database
system data
high privilege access
confidentiality
integrity

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve (non-personal) system data, modify system data but can’t make the system unavailable. This needs the attacker to have high privilege access to the same physical/logical network to access information which would otherwise be restricted, leading to low impact on confidentiality and high impact on integrity of the application.

CNA Affected

[
  {
    "product": "SAP BusinessObjects Business Intelligence Platform (Commentary DB)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "420"
      },
      {
        "status": "affected",
        "version": "430"
      }
    ]
  }
]

Related

cve 1
prion 1
nvd 1
nessus 1
cve
cve
CVE-2022-32244
2022-09-13 20:15:09
prion
prion
Authentication flaw
2022-09-13 20:15:00
nvd
nvd
CVE-2022-32244
2022-09-13 20:15:09
nessus
nessus
SAP BusinessObjects Business Intelligence Platform 4.2 < 4.2 SP9 P9 / 4.3 < 4.3 SP2 P5 Multiple Vulnerabilities
2022-08-11 00:00:00

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for CVELIST:CVE-2022-32244
cve1prion1nvd1nessus1