CVE-2022-28214 - OpenCVE

During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Availability.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Sap	Businessobjects Businessobjects Business Intelligence

Configuration 1 [-]

OR	cpe:2.3:a:sap:businessobjects:420::::enterprise:::
	cpe:2.3:a:sap:businessobjects:430::::enterprise:::
	cpe:2.3:a:sap:businessobjects_business_intelligence:420:::::::*
	cpe:2.3:a:sap:businessobjects_business_intelligence:430:::::::*

References

Link	Resource
https://launchpad.support.sap.com/#/notes/2998510	Permissions Required Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: sap

Published: 2022-05-11T14:54:42

Updated: 2022-05-11T14:54:42

Reserved: 2022-03-30T00:00:00

Link: CVE-2022-28214

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-05-11T15:15:09.730

Modified: 2022-05-19T03:17:11.743

Link: CVE-2022-28214

JSON object: View

Redhat Information

No data.

CWE

CWE-312

{"containers": {"cna": {"affected": [{"product": "SAP BusinessObjects Enterprise (Central Management Server)", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "420"}, {"status": "affected", "version": "430"}]}], "descriptions": [{"lang": "en", "value": "During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems\u2019 Confidentiality, Integrity, and Availability."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-312", "description": "CWE-312", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-11T14:54:42", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}, {"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/2998510"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2022-28214", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP BusinessObjects Enterprise (Central Management Server)", "version": {"version_data": [{"version_affected": "=", "version_value": "420"}, {"version_affected": "=", "version_value": "430"}]}}]}, "vendor_name": "SAP SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems\u2019 Confidentiality, Integrity, and Availability."}]}, "impact": {"cvss": {"baseScore": "null", "vectorString": "null", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-312"}]}]}, "references": {"reference_data": [{"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "refsource": "MISC", "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}, {"name": "https://launchpad.support.sap.com/#/notes/2998510", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/2998510"}]}}}}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2022-28214", "datePublished": "2022-05-11T14:54:42", "dateReserved": "2022-03-30T00:00:00", "dateUpdated": "2022-05-11T14:54:42", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:businessobjects:420:*:*:*:enterprise:*:*:*", "matchCriteriaId": "402CA360-5CBB-41FD-95E5-239C3DBC3BAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:businessobjects:430:*:*:*:enterprise:*:*:*", "matchCriteriaId": "85CA5F35-E406-4691-BDA9-6D467F44CE4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:420:*:*:*:*:*:*:*", "matchCriteriaId": "38BA0DF9-D893-4AF9-923E-E47EA5C02C52", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:430:*:*:*:*:*:*:*", "matchCriteriaId": "85CBCF48-5478-4EE5-8F69-6E59EFDB707D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems\u2019 Confidentiality, Integrity, and Availability."}, {"lang": "es", "value": "Durante una actualizaci\u00f3n de SAP BusinessObjects Enterprise, Central Management Server (CMS) - versiones 420, 430, las credenciales de autenticaci\u00f3n est\u00e1n siendo expuestas en los registros de eventos de Sysmon. Esta divulgaci\u00f3n de informaci\u00f3n podr\u00eda causar un alto impacto en la confidencialidad, integridad y disponibilidad de los sistemas"}], "id": "CVE-2022-28214", "lastModified": "2022-05-19T03:17:11.743", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-11T15:15:09.730", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2998510"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "cna@sap.com", "type": "Primary"}]}