← volver
CVE-2022-35228

CVE-2022-35228

EPSS 0.5%CWE-352
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
12 jul 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successful exploitation, the attacker can completely compromise the application.
Productos afectados
SAP SE · SAP BusinessObjects Business Intelligence Platform (Central management Console)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://launchpad.support.sap.com/#/notes/3221288https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html