SAP BusinessObjects BI Platform: Authenticated Deserialization Exploit
CVE-2022-41203 Published on November 8, 2022
In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserialization of untrusted data vulnerability. This could highly compromise the Confidentiality, Integrity, and Availability of the system.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2022-41203 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2022-41203
Want to know whenever a new CVE is published for SAP Businessobjects Business Intelligence? stack.watch will email you.
Affected Versions
SAP SE SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad):- Version = 4.2 is affected.
- Version = 4.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.