Missing Encryption of Sensitive Data

CVE-2022-39014

Medium

5.3/10

Summary

Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-311 - Missing Encryption of Sensitive Data

The software does not encrypt sensitive or critical information before storage or transmission.

References

Advisory Timeline

Published Sep 13, 2022

Missing Encryption of Sensitive Data

CVE-2022-39014

Summary

CWE-311 - Missing Encryption of Sensitive Data

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS