CVE-2022-28216: XSS
First published: Tue Apr 12 2022(Updated: )
SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network. On successful exploitation, an attacker can access certain reports causing a limited impact on confidentiality of the application data.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap Businessobjects Business Intelligence Platform | =420 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SAP BusinessObjects BI Workspace vulnerability?
The vulnerability ID is CVE-2022-28216.
What is the severity of CVE-2022-28216?
The severity of CVE-2022-28216 is medium with a CVSS score of 6.1.
How does CVE-2022-28216 affect SAP BusinessObjects Business Intelligence Platform (BI Workspace)?
CVE-2022-28216 affects SAP BusinessObjects Business Intelligence Platform (BI Workspace) version 420.
What is the impact of CVE-2022-28216?
On successful exploitation of CVE-2022-28216, an unauthenticated attacker can access certain reports, causing a potential information disclosure or further attacks.
How can I mitigate CVE-2022-28216 in SAP BusinessObjects BI Workspace?
To mitigate CVE-2022-28216, it is recommended to apply the relevant security patches provided by SAP.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap businessobjects business intelligence platform
- version/sap businessobjects business intelligence platform/420