Rewterz Threat Advisory – SAP Employee Self Service Vulnerability
May 12, 2022Rewterz Threat Advisory – SAP Web Dispatcher and SAP Netweaver AS for ABAP Vulnerability
May 12, 2022Rewterz Threat Advisory – SAP Employee Self Service Vulnerability
May 12, 2022Rewterz Threat Advisory – SAP Web Dispatcher and SAP Netweaver AS for ABAP Vulnerability
May 12, 2022Severity
High
Analysis Summary
CVE-2022-28214
SAP BusinessObjects Enterprise could allow a local authenticated attacker to obtain sensitive information, caused by the storage of authentication credentials in the Sysmon event logs. By gaining access to the Sysmon event logs, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-28214
Affected Vendors
SAP
Affected Products
- SAP BusinessObjects Enterprise 420
- SAP BusinessObjects Enterprise 430
Remediation
Current SAP customers should refer to SAP note for patch information, available from the SAP Web site (login required).