PT-2022-22694 · Sap · Sap Businessobjects Business Intelligence Platform
Fabian Hagg · Published 2022-09-13 · Updated 2023-03-01 · CVE-2022-35295
CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
SAP Host Agent (SAPOSCOL) version 7.22
SAP BusinessObjects Business Intelligence Platform versions 420, 430
Description
Under certain conditions, an attacker can escalate their own privileges by using files created by saposcol. This may have a high impact on confidentiality, as sensitive information could be exposed to unauthorized actors over the network with high privileges.
Recommendations
For SAP Host Agent (SAPOSCOL) version 7.22, consider restricting access to files created by saposcol to prevent privilege escalation.
For SAP BusinessObjects Business Intelligence Platform versions 420, 430, restrict access to sensitive information to minimize the risk of exposure to unauthorized actors.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Handling of Exceptional Conditions
Weakness Enumeration
Related Identifiers
Affected Products
Sap Businessobjects Business Intelligence Platform
Sap Host Agent