Unauthenticated Information Disclosure in SAP BusinessObjects Business Intelligence Platform

Unauthenticated Information Disclosure in SAP BusinessObjects Business Intelligence Platform

CVE-2022-32245 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network. On successful exploitation, the attacker can view any data available for a business user and put load on the application by an automated attack. Thus, completely compromising confidentiality but causing a limited impact on the availability of the application.

Learn more about our Network Penetration Testing.