Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve (non-personal) system data, modify system data but can't make the system unavailable. This needs the attacker to have high privilege access to the same physical/logical network to access information which would otherwise be restricted, leading to low impact on confidentiality and high impact on integrity of the application.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: sap
Published: 2022-09-13T19:24:35
Updated: 2024-08-03T07:39:50.380Z
Reserved: 2022-06-02T00:00:00
Link: CVE-2022-32244
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-09-13T20:15:09.693
Modified: 2024-11-21T07:06:00.190
Link: CVE-2022-32244
Redhat
No data.