Vulnerability Name: | CVE-2022-35169 (CCN-231002) | ||||||||||||
Assigned: | 2022-07-12 | ||||||||||||
Published: | 2022-07-12 | ||||||||||||
Updated: | 2022-07-20 | ||||||||||||
Summary: | SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system causing high impact on confidentiality but a limited impact on the availability and integrity of the application. | ||||||||||||
CVSS v3 Severity: | 6.0 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L) 5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
| ||||||||||||
Vulnerability Type: | CWE-200 | ||||||||||||
Vulnerability Consequences: | Obtain Information | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2022-35169 Source: CCN Type: SAP Security Patch Day - July 2022 SAP Security Patch Day - July 2022 Source: XF Type: UNKNOWN sap-cve202235169-info-disc(231002) Source: CCN Type: SAP Web site SAP Support Note 3194361 Source: MISC Type: Permissions Required, Vendor Advisory https://launchpad.support.sap.com/#/notes/3194361 Source: MISC Type: Vendor Advisory https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
BACK |