SAP Business Objects Business Intelligence Platform: SQL Injection Vulnerability

SAP Business Objects Business Intelligence Platform: SQL Injection Vulnerability

CVE-2022-32246 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impact on confidentiality and integrity of the application

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.