Is CVE-2022-28213 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Sap Se Businessobjects Business Intelligence Platform

CVE-2022-28213

When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retr…

EPSS: 0.126 (94.1th percentile) — read the EPSS interpretation.

Affected products

Sap Se Businessobjects Business Intelligence Platform — versions 420, 430

Weakness classification (CWE)

CWE-112

Public proof-of-concept exploits

References

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (x_refsource_MISC)
launchpad.support.sap.com/ (x_refsource_MISC)
packetstormsecurity.com/files/167046/SAP-BusinessObjects-Intelligence-4.3-XML-I… (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-28213?: CVE-2022-28213 is a vulnerability in Sap Se Businessobjects Business Intelligence Platform, classified under CWE-112. Published 2022-04-12.
Is CVE-2022-28213 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.