What is CVE-2022-39800?

CVE-2022-39800 is a vulnerability in SAP BusinessObjects BI LaunchPad versions 420 and 430 that allows an unauthenticated attacker to execute malicious scripts by exploiting improper sanitization of user inputs.

What is the severity of CVE-2022-39800?

The severity of CVE-2022-39800 is medium with a CVSS score of 6.1.

How does CVE-2022-39800 affect SAP BusinessObjects BI LaunchPad?

CVE-2022-39800 affects SAP BusinessObjects BI LaunchPad versions 420 and 430 by enabling an attacker to view or modify information through script execution.

How can CVE-2022-39800 be exploited?

CVE-2022-39800 can be exploited by an unauthenticated attacker by submitting malicious scripts through user inputs on the network.

Is there a fix available for CVE-2022-39800?

Yes, SAP has released a fix for CVE-2022-39800. Customers should refer to the SAP support note [3211161](https://launchpad.support.sap.com/#/notes/3211161) for more information.

Vulnerability/
CVE-2022-39800

medium

6.1

CWE

11/10/2022

3/8/2024

CVE-2022-39800: XSS

First published: Tue Oct 11 2022(Updated: )

SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
SAP BusinessObjects Business Intelligence	=420
SAP BusinessObjects Business Intelligence	=430

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-39800?
CVE-2022-39800 is a vulnerability in SAP BusinessObjects BI LaunchPad versions 420 and 430 that allows an unauthenticated attacker to execute malicious scripts by exploiting improper sanitization of user inputs.
What is the severity of CVE-2022-39800?
The severity of CVE-2022-39800 is medium with a CVSS score of 6.1.
How does CVE-2022-39800 affect SAP BusinessObjects BI LaunchPad?
CVE-2022-39800 affects SAP BusinessObjects BI LaunchPad versions 420 and 430 by enabling an attacker to view or modify information through script execution.
How can CVE-2022-39800 be exploited?
CVE-2022-39800 can be exploited by an unauthenticated attacker by submitting malicious scripts through user inputs on the network.
Is there a fix available for CVE-2022-39800?
Yes, SAP has released a fix for CVE-2022-39800. Customers should refer to the SAP support note [3211161](https://launchpad.support.sap.com/#/notes/3211161) for more information.

collector/nvd-index
agent/weakness
agent/references
agent/author
agent/severity
agent/type
agent/description
agent/event
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/sap
canonical/sap businessobjects business intelligence
version/sap businessobjects business intelligence/420
version/sap businessobjects business intelligence/430

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.