VDB

CVE-2022-35228

CVE-2022-35228 PUBLISHED CVSS 6.800000190734863 MEDIUM

SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successful exploitation, the attacker can completely compromise the application.

EPSS 0.18% · 39.7th percentile

Risk Scores

CVSS 2.0
6.800000190734863
EPSS Score
0.18%
39.7th percentile

Affected Products

VendorProductVersions
sapbusinessobjects_business_intelligence_platform430, 420
SAP SESAP BusinessObjects Business Intelligence Platform (Central management Console)420, 430

Timeline

  • Jul 12, 2022 CVE Published
  • Jul 13, 2022 EPSS Score
  • Aug 30, 2022 EPSS Score
  • Oct 16, 2022 EPSS Score
  • Dec 2, 2022 EPSS Score
  • Jan 18, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 23, 2023 EPSS Score
  • Jun 9, 2023 EPSS Score
  • Jul 26, 2023 EPSS Score
  • Sep 11, 2023 EPSS Score
  • Oct 28, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›