CVE-2022-29619 — Vulnetix

CVE-2022-29619 PUBLISHED CVSS 6.5 MEDIUM

Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise be restricted.

EPSS 0.18% · 39.2th percentile

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

EPSS Score

0.18%

39.2th percentile

Affected Products

Vendor	Product	Versions
sap	businessobjects_business_intelligence_platform	420, 430
SAP SE	SAP BusinessObjects Business Intelligence Platform	420, 430

Exploit Intelligence

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (circl)
https://launchpad.support.sap.com/#/notes/3169239 (circl)

Timeline

Jul 12, 2022 CVE Published
Jul 13, 2022 EPSS Score
Aug 30, 2022 EPSS Score
Oct 16, 2022 EPSS Score
Dec 2, 2022 EPSS Score
Jan 18, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 23, 2023 EPSS Score
Jun 9, 2023 EPSS Score
Jul 26, 2023 EPSS Score
Sep 11, 2023 EPSS Score
Oct 28, 2023 EPSS Score

References

https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10 advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html url
https://launchpad.support.sap.com/#/notes/3169239 url
https://nvd.nist.gov/vuln/detail/CVE-2022-29619 advisory

Open in Interactive Console →