CVE-2022-35296

MEDIUM Year: 2022
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-200
View all →

Vulnerability Description

Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality.

Related Vulnerabilities

CVE-2012-4382

MEDIUM
CVSS:4.9(Medium)

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt.

CWE-2002012

CVE-2013-0192

MEDIUM
CVSS:4.9(Medium)

File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config.

CWE-2002013

CVE-2015-3251

MEDIUM
CVSS:4.9(Medium)

Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API cal...

CWE-2002015

CVE-2016-0225

MEDIUM
CVSS:4.9(Medium)

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 allows remote authenticated Commerce Accelerator administrators to obtain sensitive information via unspecified vectors.

CWE-2002016

CVE-2016-10740

MEDIUM
CVSS:4.9(Medium)

Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses to request...

CWE-2002016

CVE-2016-1497

MEDIUM
CVSS:4.9(Medium)

The Configuration utility in F5 BIG-IP systems 11.0.x, 11.1.x, 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4 HF2, 1.6.x before 11.6.1, and 12.0.0 before HF1 allows...

CWE-2002016