CVE-2022-35295 — Vulnetix

CVE-2022-35295 PUBLISHED CVSS 4.900000095367432 MEDIUM

Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) - versions 420, 430, exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality.

EPSS 1.22% · 79.4th percentile

Risk Scores

CVSS 3.1

4.900000095367432

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS Score

1.22%

79.4th percentile

Affected Products

Vendor	Product	Versions
sap	host_agent	7.22
SAP SE	SAP Host Agent (SAPOSCOL)	7.22

Exploit Intelligence

http://packetstormsecurity.com/files/170233/SAP-Host-Agent-Privilege-Escalation.html (nist-nvd)
http://seclists.org/fulldisclosure/2022/Dec/12 (nist-nvd)
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (circl)
https://launchpad.support.sap.com/#/notes/3159736 (circl)
SAP@ Host Agent Privilege Escalation Vulnerability (0day-today)
SAP@ Host Agent Privilege Escalation Vulnerability (0day-today)

Timeline

Sep 13, 2022 CVE Published
Sep 14, 2022 EPSS Score
Oct 29, 2022 EPSS Score
Dec 13, 2022 EPSS Score
Dec 15, 2022 PoC Published
Jan 27, 2023 EPSS Score
Mar 13, 2023 EPSS Score
Apr 27, 2023 EPSS Score
Jun 11, 2023 EPSS Score
Jul 26, 2023 EPSS Score
Sep 9, 2023 EPSS Score
Oct 24, 2023 EPSS Score

References

Open in Interactive Console →