CVE-2022-31591 — Vulnetix

CVE-2022-31591 PUBLISHED CVSS 4.599999904632568 MEDIUM

SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service

EPSS 0.05% · 16.6th percentile

Risk Scores

CVSS v2.0

4.599999904632568

EPSS Score

0.05%

16.6th percentile

Affected Products

Vendor	Product	Versions
sap	businessobjects_bw_publisher_service	420, 430
SAP SE	SAP BusinessObjects (BW Publisher Service)	420, 430

Timeline

Jul 12, 2022 CVE Published
Jul 13, 2022 EPSS Score
Aug 30, 2022 EPSS Score
Oct 16, 2022 EPSS Score
Dec 2, 2022 EPSS Score
Jan 18, 2023 EPSS Score
Mar 6, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 22, 2023 EPSS Score
Jun 8, 2023 EPSS Score
Jul 25, 2023 EPSS Score
Sep 10, 2023 EPSS Score

References

https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10 advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html url
https://launchpad.support.sap.com/#/notes/3167430 url
https://nvd.nist.gov/vuln/detail/CVE-2022-31591 advisory

Open in Interactive Console →