CVE-2022-28213

Опубликовано: 12 апр. 2022

Источник: nvd

CVSS3: 8.1

CVSS2: 5.5

EPSS Средний

Описание

When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS.

Ссылки

http://packetstormsecurity.com/files/167046/SAP-BusinessObjects-Intelligence-4.3-XML-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://launchpad.support.sap.com/#/notes/3055044
Permissions Required
Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Vendor Advisory
http://packetstormsecurity.com/files/167046/SAP-BusinessObjects-Intelligence-4.3-XML-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://launchpad.support.sap.com/#/notes/3055044
Permissions Required
Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:businessobjects_business_intelligence_platform:420:*:*:*:*:*:*:*

cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.12617

Средний

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-112

Связанные уязвимости

GHSA-rv48-743j-57hj