PT-2022-4930 · SAP · SAP BusinessObjects Business Intelligence Platform

Published: 2022-07-04 · Updated: 2022-07-20 · CVE-2022-35169

CVSS v2.0: 8.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SAP BusinessObjects Business Intelligence Platform (LCM) versions 420, 430

Description

The issue allows an attacker with admin privileges to read and decrypt the LCMBIAR file's password under certain conditions. This enables the attacker to modify the password or import the file into another system, causing a high impact on confidentiality but a limited impact on the availability and integrity of the application. The vulnerability is related to the lack of protection of service data in the Lifecycle Management console component. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information.

Recommendations

For versions 420 and 430, consider restricting access to the LCMBIAR file and the Lifecycle Management console to minimize the risk of exploitation. As a temporary workaround, limit the use of admin privileges to only necessary operations until a fix is available. Avoid using the affected LCMBIAR file import functionality in other systems until the issue is resolved.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2022-06111
CVE-2022-35169

Affected Products

SAP BusinessObjects Business Intelligence Platform