CVE-2022-31591

SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service

CVSS v3 7.8 HIGH
CVSS v2.0 4.6 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://launchpad.support.sap.com/#/notes/3167430	Permissions Required Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:businessobjects_bw_publisher_service:420:::::::*
	cpe:2.3:a:sap:businessobjects_bw_publisher_service:430:::::::*

History

No history.

Information

Published : 2022-07-12 21:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-31591

Mitre link : CVE-2022-31591

CVE.ORG link : CVE-2022-31591

JSON object : View

Products Affected

sap

businessobjects_bw_publisher_service

CWE

CWE-428

Unquoted Search Path or Element

{"id": "CVE-2022-31591", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-07-12T21:15:09.973", "references": [{"url": "https://launchpad.support.sap.com/#/notes/3167430", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-428"}]}], "descriptions": [{"lang": "en", "value": "SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service"}, {"lang": "es", "value": "SAP BusinessObjects BW Publisher Service - versiones 420, 430, usa una ruta de b\u00fasqueda que contiene un elemento no citado. Un atacante local puede conseguir altos privilegios al insertar un archivo ejecutable en la ruta del servicio afectado"}], "lastModified": "2022-07-16T02:23:38.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:businessobjects_bw_publisher_service:420:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA68C531-6573-4491-9AD8-F51F5CEA5FB0"}, {"criteria": "cpe:2.3:a:sap:businessobjects_bw_publisher_service:430:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE748229-CAE8-4E25-A2B6-FD6D1EE32B8F"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}