CVE-2022-35228

CVE-2022-35228

Vendor Sap Se
Product SAP BusinessObjects Business Intelligence Platform (Central management Console)
Weakness CWE-352 · CSRF
Published July 12, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successful exploitation, the attacker can completely compromise the application.

Key dates

02Disclosure timeline

July 12, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-46842 WordPress JS Help Desk plugin <= 2.7.1 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2022-47395 CVE-2022-47395 CVE-2023-6197 Audio Merchant <= 5.0.4 - Cross-Site Request Forgery to Settings Modifcation and Stored Cross-Site Scripting CVE-2020-36737 Import / Export Customizer Settings <= 1.0.3 - Cross-Site Request Forgery Bypass CVE-2024-32947 WordPress WP ADA Compliance Check Basic plugin <= 3.1.3 - Cross Site Request Forgery (CSRF) vulnerability