PT-2022-20865 · SAP · SAP BusinessObjects Business Intelligence Platform

Published: 2022-12-12 · Updated: 2025-04-22 · CVE-2022-31596

CVSS v3.1: 6.0 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L

Name of the Vulnerable Software and Affected Versions

SAP BusinessObjects Business Intelligence Platform (Monitoring DB) version 430

Description

Under certain conditions, an attacker who is authenticated as a CMS administrator and has high-privilege access to the network can access the BOE Monitoring database to retrieve and modify non-personal system data that would otherwise be restricted. A potential attack could also be used to leave the CMS's scope and impact the database. A successful attack could have a low impact on confidentiality, a high impact on integrity, and a low impact on availability.

Recommendations

For version 430, consider restricting access to the BOE Monitoring database and limiting the privileges of CMS administrators to minimize the risk of exploitation. As a temporary workaround, consider disabling access to the database until a patch is available. Restrict access to the network to prevent attackers from gaining high privileges.

Fix

Weakness Enumeration

Exposure of Resource to Wrong Sphere

Related Identifiers

CVE-2022-31596

Affected Products

SAP BusinessObjects Business Intelligence Platform