Information disclosure in Sap Business_objects_business_intelligence_platform
CVE-2022-39013
Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and…
Vulnerability class: Information Disclosure
EPSS: 0.006 (44.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L.
Affected products
- Sap Business_objects_business_intelligence_platform — versions 420, 430
- Sap Se Businessobjects Business Intelligence Platform (Program Objects) — versions 420, 430
Weakness classification (CWE)
References
- cna@sap.com (Vendor Advisory)
- cna@sap.com (Permissions Required, Vendor Advisory)
Frequently asked questions
- What is CVE-2022-39013?
- CVE-2022-39013 is a high-severity vulnerability in Sap Business_objects_business_intelligence_platform, classified under Information Disclosure. CVSS score: 7.6/10. Published 2022-10-11.
- How severe is CVE-2022-39013?
- High severity. CVSS v3 base score is 7.6 out of 10.