When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/167046/SAP-BusinessObjects-Intelligence-4.3-XML-Injection.html | Exploit Third Party Advisory VDB Entry |
https://launchpad.support.sap.com/#/notes/3055044 | Permissions Required Vendor Advisory |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2022-04-12T16:11:27
Updated: 2022-05-11T17:06:24
Reserved: 2022-03-30T00:00:00
Link: CVE-2022-28213
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-04-12T17:15:10.523
Modified: 2022-09-09T16:47:25.820
Link: CVE-2022-28213
JSON object: View
Redhat Information
No data.
CWE