PT-2022-4736 · Sap · Sap Businessobjects Bw Publisher Service

Published 2022-05-24 · Updated 2022-07-16 · CVE-2022-31591

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SAP BusinessObjects BW Publisher Service versions 420, 430

Description

The issue stems from missing quotes around a search path or path element, which a local attacker can exploit to gain elevated privileges by placing an executable file in the path of the affected service.

Recommendations

For versions 420 and 430, consider restricting access to the search path to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using unquoted elements in the search path to reduce exposure to privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
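
To apply the two workarounds above, an administrator first needs to know which service command lines are unquoted and which directories along them to lock down. The following check is an added example, not code from this advisory or from SAP; the helper name `Test-ServicePathQuoting` is hypothetical and the sample paths are constructed, not the actual install path of the affected service.

```powershell
# Added example. Flags service command lines whose executable path is unquoted
# and contains a space, and lists the directories whose write ACLs to review.
function Test-ServicePathQuoting {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$PathName)

    $trimmed = $PathName.Trim()
    $dirs    = @()
    $flagged = $false
    if (-not $trimmed.StartsWith('"')) {
        # Executable path = text up to the first ".exe"; the rest is arguments.
        # Without ".exe", fall back to the first whitespace-delimited token.
        $m   = [regex]::Match($trimmed, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
        $exe = if ($m.Success) { $m.Groups[1].Value } else { ($trimmed -split '\s+')[0] }
        $flagged = $exe.Contains(' ')

        # At each space Windows may treat the text before it as a program name,
        # so the directory holding that prefix must not be writable by
        # unprivileged users.
        $idx = $exe.IndexOf(' ')
        while ($idx -ge 0) {
            $prefix = $exe.Substring(0, $idx)
            $dir    = $prefix.Substring(0, $prefix.LastIndexOf('\') + 1)
            if ($dir -and ($dirs -notcontains $dir)) { $dirs += $dir }
            $idx = $exe.IndexOf(' ', $idx + 1)
        }
    }
    [pscustomobject]@{
        PathName   = $PathName
        Flagged    = $flagged
        ReviewDirs = $dirs
    }
}

# Constructed sample command lines (not taken from the advisory).
$samples = @(
    'C:\Program Files\Example Vendor\Example Service\svc.exe -run',    # unquoted, spaces
    '"C:\Program Files\Example Vendor\Example Service\svc.exe" -run',  # quoted
    'C:\Windows\System32\svchost.exe -k netsvcs'                       # no space in path
)
$samples | ForEach-Object { Test-ServicePathQuoting -PathName $_ } | Format-List

# On a live Windows host, feed it the configured service command lines instead:
# Get-CimInstance Win32_Service | Where-Object PathName |
#     ForEach-Object { Test-ServicePathQuoting -PathName $_.PathName } |
#     Where-Object Flagged
```

A flagged entry is addressed either by quoting the executable path in the service configuration or by removing write access for non-administrators on the listed directories, which correspond to the two workarounds in the recommendations.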

Weakness Enumeration

Related Identifiers

BDU:2022-05631
CVE-2022-31591

Affected Products

Sap Businessobjects Bw Publisher Service