CVE-2022-35228 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-35228 PUBLISHED CVSS 6.800000190734863 MEDIUM

SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successful exploitation, the attacker can completely compromise the application.

EPSS 0.18% · 39.7th percentile

Risk Scores

CVSS v2.0

6.800000190734863

EPSS Score

0.18%

39.7th percentile

Affected Products

Vendor	Product	Versions
sap	businessobjects_business_intelligence_platform	420, 430
SAP SE	SAP BusinessObjects Business Intelligence Platform (Central management Console)	420, 430

Timeline

Jul 12, 2022 CVE Published
Jul 13, 2022 EPSS Score
Aug 30, 2022 EPSS Score
Oct 15, 2022 EPSS Score
Dec 1, 2022 EPSS Score
Jan 16, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 19, 2023 EPSS Score
Jun 5, 2023 EPSS Score
Jul 21, 2023 EPSS Score
Sep 6, 2023 EPSS Score
Oct 22, 2023 EPSS Score

References

Open in Interactive Console →