Skip to main content

Business Objects Business Intelligence Platform CVE-2022-41263

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2022-12-12 cna@sap.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 12, 2022 - 22:15 nvd
MEDIUM 4.3

DescriptionNVD

Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the attacker can modify information causing a limited impact on the integrity of the application.

AnalysisAI

Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the attacker can modify information causing a limited impact on the integrity of the application. Affected products include: Sap Business Objects Business Intelligence Platform.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2024-41730 CRITICAL
9.8 Aug 13

In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an u

CVE-2023-25617 HIGH
8.8 Mar 14

SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, wh

CVE-2023-25616 HIGH
8.8 Mar 14

In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object executio

CVE-2022-41267 HIGH
8.8 Dec 13

SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/repla

CVE-2023-42478 HIGH
7.6 Dec 12

SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic

CVE-2022-39013 HIGH
7.6 Oct 11

Under certain conditions an authenticated attacker can get access to OS credentials. Rated high severity (CVSS 7.6), thi

CVE-2022-39015 MEDIUM
6.5 Oct 11

Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be rest

CVE-2022-24398 MEDIUM
6.5 Mar 10

Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticate

CVE-2022-31596 MEDIUM
6.0 Dec 12

Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Networ

CVE-2023-23856 MEDIUM
5.4 Feb 14

In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json wit

CVE-2023-0015 MEDIUM
5.4 Jan 10

In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return

CVE-2022-31598 MEDIUM
5.4 Jul 12

Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a m

Share

CVE-2022-41263 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy