VDB
CVE-2022-22546
CVE-2022-22546
PUBLISHED
CVSS 3.5 LOW
Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) - version 420.
EPSS 0.31% · 54.4th percentile
Risk Scores
CVSS 2.0
3.5
EPSS Score
0.31%
54.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP SE | SAP Business Objects Web Intelligence (BI Launchpad) | 420 |
| sap | businessobjects_web_intelligence | 420 |
Exploit Intelligence
- https://launchpad.support.sap.com/#/notes/3126748 (circl)
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (circl)
- EXPL_Log4j_CVE_2021_44228_Dec21_Hard_RID31D9.yar (github-yara)
- EXPL_Log4j_CVE_2021_44228_Dec21_Hard_RID31D9.yar (github-yara)
- EXPL_Log4j_CVE_2021_44228_Dec21_Hard_RID31D9.yar (github-yara)
- EXPL_Log4j_CVE_2021_44228_Dec21_Hard_RID31D9.yar (github-yara)
- SUSP_Base64_Encoded_Exploit_Indicators_Dec21_RID3732.yar (github-yara)
- SUSP_Base64_Encoded_Exploit_Indicators_Dec21_RID3732.yar (github-yara)
- SUSP_Base64_Encoded_Exploit_Indicators_Dec21_RID3732.yar (github-yara)
- SUSP_Base64_Encoded_Exploit_Indicators_Dec21_RID3732.yar (github-yara)
…and 108 more exploits
Timeline
- Jun 28, 2021 PoC Published
- Dec 11, 2021 PoC Published
- Dec 13, 2021 PoC Published
- Dec 18, 2021 PoC Published
- Feb 9, 2022 CVE Published
- Feb 10, 2022 EPSS Score
- Apr 3, 2022 EPSS Score
- May 26, 2022 EPSS Score
- Jun 7, 2022 PoC Published
- Jul 18, 2022 EPSS Score
- Sep 9, 2022 EPSS Score
- Sep 16, 2022 PoC Published