CVE-2022-28214 - Vulnerability Details

Vendors	Products
Sap	Businessobjects Businessobjects Business Intelligence

Link	Providers
https://launchpad.support.sap.com/#/notes/2998510
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "SAP BusinessObjects Enterprise (Central Management Server)", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "420"}, {"status": "affected", "version": "430"}]}], "descriptions": [{"lang": "en", "value": "During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems\u2019 Confidentiality, Integrity, and Availability."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-312", "description": "CWE-312", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-11T14:54:42", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}, {"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/2998510"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2022-28214", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP BusinessObjects Enterprise (Central Management Server)", "version": {"version_data": [{"version_affected": "=", "version_value": "420"}, {"version_affected": "=", "version_value": "430"}]}}]}, "vendor_name": "SAP SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems\u2019 Confidentiality, Integrity, and Availability."}]}, "impact": {"cvss": {"baseScore": "null", "vectorString": "null", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-312"}]}]}, "references": {"reference_data": [{"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "refsource": "MISC", "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}, {"name": "https://launchpad.support.sap.com/#/notes/2998510", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/2998510"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:48:37.497Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpad.support.sap.com/#/notes/2998510"}]}]}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2022-28214", "datePublished": "2022-05-11T14:54:42", "dateReserved": "2022-03-30T00:00:00", "dateUpdated": "2024-08-03T05:48:37.497Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : SAP BusinessObjects Enterprise (Central Management Server) (string)

vendor : SAP SE (string)

versions : [ »

0 : { »

status : affected (string)

version : 420 (string)

}

1 : { »

status : affected (string)

version : 430 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Availability. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-312 (string)

description : CWE-312 (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2022-05-11T14:54:42 (string)

orgId : e4686d1a-f260-4930-ac4c-2f5c992778dd (string)

shortName : sap (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://launchpad.support.sap.com/#/notes/2998510 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cna@sap.com (string)

ID : CVE-2022-28214 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : SAP BusinessObjects Enterprise (Central Management Server) (string)

version : { »

version_data : [ »

0 : { »

version_affected : = (string)

version_value : 420 (string)

}

1 : { »

version_affected : = (string)

version_value : 430 (string)

}

]

}

]

}

vendor_name : SAP SE (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Availability. (string)

}

]

}

impact : { »

cvss : { »

baseScore : null (string)

vectorString : null (string)

version : 3.0 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-312 (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (string)

refsource : MISC (string)

url : https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (string)

}

1 : { »

name : https://launchpad.support.sap.com/#/notes/2998510 (string)

refsource : MISC (string)

url : https://launchpad.support.sap.com/#/notes/2998510 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T05:48:37.497Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://launchpad.support.sap.com/#/notes/2998510 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : e4686d1a-f260-4930-ac4c-2f5c992778dd (string)

assignerShortName : sap (string)

cveId : CVE-2022-28214 (string)

datePublished : 2022-05-11T14:54:42 (string)

dateReserved : 2022-03-30T00:00:00 (string)

dateUpdated : 2024-08-03T05:48:37.497Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:businessobjects:420:*:*:*:enterprise:*:*:*", "matchCriteriaId": "402CA360-5CBB-41FD-95E5-239C3DBC3BAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:businessobjects:430:*:*:*:enterprise:*:*:*", "matchCriteriaId": "85CA5F35-E406-4691-BDA9-6D467F44CE4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:420:*:*:*:*:*:*:*", "matchCriteriaId": "38BA0DF9-D893-4AF9-923E-E47EA5C02C52", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:430:*:*:*:*:*:*:*", "matchCriteriaId": "85CBCF48-5478-4EE5-8F69-6E59EFDB707D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems\u2019 Confidentiality, Integrity, and Availability."}, {"lang": "es", "value": "Durante una actualizaci\u00f3n de SAP BusinessObjects Enterprise, Central Management Server (CMS) - versiones 420, 430, las credenciales de autenticaci\u00f3n est\u00e1n siendo expuestas en los registros de eventos de Sysmon. Esta divulgaci\u00f3n de informaci\u00f3n podr\u00eda causar un alto impacto en la confidencialidad, integridad y disponibilidad de los sistemas"}], "id": "CVE-2022-28214", "lastModified": "2024-11-21T06:56:57.753", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-11T15:15:09.730", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2998510"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2998510"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "cna@sap.com", "type": "Secondary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:sap:businessobjects:420:*:*:*:enterprise:*:*:* (string)

matchCriteriaId : 402CA360-5CBB-41FD-95E5-239C3DBC3BAD (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:sap:businessobjects:430:*:*:*:enterprise:*:*:* (string)

matchCriteriaId : 85CA5F35-E406-4691-BDA9-6D467F44CE4C (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:sap:businessobjects_business_intelligence:420:*:*:*:*:*:*:* (string)

matchCriteriaId : 38BA0DF9-D893-4AF9-923E-E47EA5C02C52 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:sap:businessobjects_business_intelligence:430:*:*:*:*:*:*:* (string)

matchCriteriaId : 85CBCF48-5478-4EE5-8F69-6E59EFDB707D (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Availability. (string)

}

1 : { »

lang : es (string)

value : Durante una actualización de SAP BusinessObjects Enterprise, Central Management Server (CMS) - versiones 420, 430, las credenciales de autenticación están siendo expuestas en los registros de eventos de Sysmon. Esta divulgación de información podría causar un alto impacto en la confidencialidad, integridad y disponibilidad de los sistemas (string)

}

]

id : CVE-2022-28214 (string)

lastModified : 2024-11-21T06:56:57.753 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4.6 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:L/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2022-05-11T15:15:09.730 (string)

references : [ »

0 : { »

source : cna@sap.com (string)

tags : [ »

0 : Permissions Required (string)

1 : Vendor Advisory (string)

]

url : https://launchpad.support.sap.com/#/notes/2998510 (string)

}

1 : { »

source : cna@sap.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Permissions Required (string)

1 : Vendor Advisory (string)

]

url : https://launchpad.support.sap.com/#/notes/2998510 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (string)

}

]

sourceIdentifier : cna@sap.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-312 (string)

}

]

source : cna@sap.com (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object