← back
CVE-2022-28213

CVE-2022-28213

EPSS 12.1%CWE-112
When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS.
Affected products
SAP SE · SAP BusinessObjects Business Intelligence Platform
public PoCs found2
cve_referencepacketstormsecurity.com/files/167046/SAP-BusinessObjects-Intelligence-4.3-XML-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50900unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/167046/SAP-BusinessObjects-Intelligence-4.3-XML-Injection.htmlhttps://launchpad.support.sap.com/#/notes/3055044https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html