CVE-2022-28213

moderate-risk
Published 2022-04-12

When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS.

Do I need to act?

!
12.6% chance of exploitation in next 30 days
EPSS score — higher than 87% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
50900
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10 High
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Sap

References (6)

Exploit http://packetstormsecurity.com/files/167046/SAP-BusinessObjects-Intelligence-4.3...
Permissions Required https://launchpad.support.sap.com/#/notes/3055044
Vendor Advisory https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Exploit http://packetstormsecurity.com/files/167046/SAP-BusinessObjects-Intelligence-4.3...
Permissions Required https://launchpad.support.sap.com/#/notes/3055044
Vendor Advisory https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
47
/ 100
moderate-risk
Severity 28/34 · Critical
Exploitability 12/34 · Low
Exposure 7/34 · Low