First published: Wed May 11 2022
During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Availability.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
SAP BusinessObjects | =420 | |
SAP BusinessObjects | =430 | |
SAP BusinessObjects Business Intelligence | =420 | |
SAP BusinessObjects Business Intelligence | =430 | |
CVE-2022-28214 is a vulnerability in SAP BusinessObjects Enterprise Central Management Server (CMS) versions 420 and 430 that exposes authentication credentials in Sysmon event logs, leading to information disclosure.
CVE-2022-28214 can have a high impact on systems' Confidentiality, Integrity, and Availability.
CVE-2022-28214 affects SAP BusinessObjects Enterprise versions 420 and 430, as well as SAP BusinessObjects Business Intelligence versions 420 and 430.
CVE-2022-28214 has a severity rating of 7.8 (High).
To fix CVE-2022-28214, apply the patches and updates provided by SAP.