Unrestricted Access to Sensitive Params in SAP BIP CMC
CVE-2022-39014 Published on September 13, 2022
Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted.
Weakness Type
Missing Encryption of Sensitive Data
The software does not encrypt sensitive or critical information before storage or transmission. The lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys.
Products Associated with CVE-2022-39014
stack.watch emails you whenever new vulnerabilities are published in SAP Businessobjects Business Intelligence Platform or SAP Businessobjects. Just hit a watch button to start following.
Affected Versions
SAP SE SAP BusinessObjects Business Intelligence Platform (CMC) Version 430 is affected by CVE-2022-39014Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.