CVE-2022-28213 is a vulnerability in SAP BusinessObjects Business Intelligence Platform
Published on April 12, 2022
When a user accesses SOAP Web services in SAP BusinessObjects Business Intelligence Platform (versions 420 and 430), the platform does not sufficiently validate the XML document accepted from an untrusted source, which might result in retrieval of arbitrary files from the server and in successful denial-of-service (DoS) exploits.
Weakness Type
Missing XML Validation
The software accepts XML from an untrusted source but does not validate the XML against the proper schema. Most successful attacks begin with a violation of the programmer's assumptions. By accepting an XML document without validating it against a DTD or XML schema, the programmer leaves a door open for attackers to provide unexpected, unreasonable, or malicious input.
Products Associated with CVE-2022-28213
Affected Versions
SAP SE SAP BusinessObjects Business Intelligence Platform:
- Version 420 is affected.
- Version 430 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.