VDB
CVE-2022-35228
CVE-2022-35228
PUBLISHED
CVSS 6.800000190734863 MEDIUM
SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successful exploitation, the attacker can completely compromise the application.
EPSS 0.18% · 39.7th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
0.18%
39.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| sap | businessobjects_business_intelligence_platform | 430, 420 |
| SAP SE | SAP BusinessObjects Business Intelligence Platform (Central management Console) | 420, 430 |
Exploit Intelligence
Timeline
- Jul 12, 2022 CVE Published
- Jul 13, 2022 EPSS Score
- Aug 30, 2022 EPSS Score
- Oct 16, 2022 EPSS Score
- Dec 2, 2022 EPSS Score
- Jan 18, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 23, 2023 EPSS Score
- Jun 9, 2023 EPSS Score
- Jul 26, 2023 EPSS Score
- Sep 11, 2023 EPSS Score
- Oct 28, 2023 EPSS Score