PT-2022-18878 · SAP · SAP BusinessObjects Business Intelligence Platform

Published: 2022-04-12 · Updated: 2022-09-09 · CVE-2022-28213

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

SAP BusinessObjects Business Intelligence Platform versions 420, 430

Description

The issue arises when a user accesses SOAP Web services and the system fails to sufficiently validate an XML document accepted from an untrusted source. This could lead to the retrieval of arbitrary files from the server and could also result in a Denial of Service (DoS).

Recommendations

For versions 420 and 430, consider restricting access to SOAP Web services until a fix is available. As a temporary workaround, restrict the acceptance of XML documents from untrusted sources to minimize the risk of exploitation.

Weakness Enumeration

Related Identifiers

CVE-2022-28213

Affected Products

SAP BusinessObjects Business Intelligence Platform