CVE Vulnerability

CVE-2022-41203

In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserialization of untrusted data vulnerability. This could highly compromise the Confidentiality, Integrity, and Availability of the system.

8.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory
https://launchpad.support.sap.com/#/notes/3243924 Permissions Required Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:sap:businessobjects_business_intelligence:4.3:*:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence:4.2:-:*:*:*:*:*:*
Information

Published : 2022-11-08 10:15

Updated : 2022-11-09 03:56

NVD link : CVE-2022-41203

Mitre link : CVE-2022-41203

Products Affected
No products.
CWE
CWE-502

Deserialization of Untrusted Data