{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-39800", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "dateUpdated": "2022-10-14T00:00:00", "dateReserved": "2022-09-02T00:00:00", "datePublished": "2022-10-11T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2022-10-14T00:00:00"}, "descriptions": [{"lang": "en", "value": "SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application."}], "affected": [{"vendor": "SAP SE", "product": "SAP BusinessObjects Business Intelligence Platform (BI LaunchPad)", "versions": [{"version": "< 420", "status": "affected"}, {"version": "< 430", "status": "affected"}]}], "references": [{"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}, {"url": "https://launchpad.support.sap.com/#/notes/3211161"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-79", "cweId": "CWE-79"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:420:*:*:*:*:*:*:*", "matchCriteriaId": "38BA0DF9-D893-4AF9-923E-E47EA5C02C52", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:430:*:*:*:*:*:*:*", "matchCriteriaId": "85CBCF48-5478-4EE5-8F69-6E59EFDB707D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application."}, {"lang": "es", "value": "SAP BusinessObjects BI LaunchPad - versiones 420, 430, es susceptible de sufrir un ataque de ejecuci\u00f3n de scripts por parte de un atacante no autenticado debido a un saneo inapropiado de las entradas del usuario mientras interact\u00faa en la red. Si es explotado con \u00e9xito, un atacante puede ver o modificar informaci\u00f3n causando un impacto limitado en la Confidencialidad e integridad de la aplicaci\u00f3n"}], "id": "CVE-2022-39800", "lastModified": "2022-11-10T04:28:44.597", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-11T21:15:14.563", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/3211161"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cna@sap.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}