CVE-2022-35228

8.8 HIGH

📋 TL;DR

CVE-2022-35228 is a cross-site request forgery (CSRF) vulnerability in SAP BusinessObjects Central Management Console (CMC) that allows an unauthenticated attacker to retrieve token information when combined with local compromise techniques like sniffing or social engineering. This affects organizations running vulnerable SAP BusinessObjects installations. Successful exploitation could lead to complete compromise of the application.

💻 Affected Systems

Products:
  • SAP BusinessObjects Central Management Console (CMC)
Versions: Specific versions not detailed in provided references; consult SAP notes for exact affected versions
Operating Systems: All platforms running SAP BusinessObjects
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires legitimate user access combined with local compromise techniques to exploit.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of the SAP BusinessObjects application, potentially leading to data theft, unauthorized access to business intelligence data, and further network penetration.

🟠 Likely Case: Unauthorized access to token information enabling session hijacking or privilege escalation within the BusinessObjects environment.

🟢 If Mitigated: Limited impact with proper network segmentation, strong authentication controls, and monitoring in place.

🌐 Internet-Facing: MEDIUM - Requires local compromise combined with network access, but internet-facing instances increase attack surface.
🏢 Internal Only: MEDIUM - Internal systems still vulnerable to insider threats or compromised internal devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires a two-step attack: 1) local compromise (sniffing or social engineering) to capture legitimate user activity, and 2) network-based token retrieval.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply SAP Security Note 3221288

Vendor Advisory: https://launchpad.support.sap.com/#/notes/3221288

Restart Required: Yes

Instructions:

1. Download and apply SAP Security Note 3221288.
2. Restart affected SAP BusinessObjects services.
3. Verify patch application through version checks.

🔧 Temporary Workarounds

Network Segmentation (all): Restrict network access to SAP BusinessObjects CMC to trusted networks only.

Enhanced Monitoring (all): Implement monitoring for unusual token retrieval patterns.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can access the CMC interface
  • Deploy enhanced monitoring for token-related activities and implement strong authentication mechanisms

🔍 How to Verify

Check if Vulnerable:

Check if SAP Security Note 3221288 has been applied to your SAP BusinessObjects installation

Check Version:

Consult SAP documentation for version checking commands specific to your installation

Verify Fix Applied:

Verify patch application through SAP Note application status and version checks

📡 Detection & Monitoring

Log Indicators:

  • Unusual token retrieval patterns
  • Unauthorized access attempts to CMC endpoints

Network Indicators:

  • Unexpected requests to token-related endpoints from unauthenticated sources

SIEM Query:

Search for: (source_ip NOT IN trusted_networks) AND (endpoint CONTAINS 'token' OR endpoint CONTAINS 'CMC') AND response_code=200
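One way to run the SIEM pseudo-query above over access-log lines, as an added example that is not part of the original page; the log line format, the CMC/token paths and the trusted CIDR ranges are assumptions, and the sample log lines are constructed:

```python
import ipaddress
import re

# Constructed sample access-log lines (not from any real CMC deployment).
# Assumed format: <client_ip> <method> <path> <status>
SAMPLE_LOGS = """\
10.0.5.12 GET /BOE/CMC/ 200
203.0.113.7 POST /BOE/CMC/logon/token 200
198.51.100.23 GET /biprws/logon/token 401
10.0.5.40 GET /biprws/logon/token 200
203.0.113.9 GET /BOE/CMC/ 200
203.0.113.9 GET /BOE/BI/ 200
not-an-ip GET /BOE/CMC/ 200
"""

# Assumed trusted ranges; replace with the networks allowed to reach the CMC.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                    ipaddress.ip_network("192.168.0.0/16")]
LINE_RE = re.compile(r"^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$")


def is_trusted(ip_str):
    """True if the source address lies in a trusted network.
    Unparsable addresses are treated as untrusted so they are not silently ignored."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_NETWORKS)


def matches_query(ip, path, status):
    """Mirror of the page's query: untrusted source AND token/CMC endpoint AND HTTP 200."""
    path_l = path.lower()
    return (not is_trusted(ip)) and ("token" in path_l or "cmc" in path_l) and status == 200


def find_suspicious(log_text):
    """Return (source_ip, path) for every line matching the query; malformed lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        if matches_query(m["ip"], m["path"], int(m["status"])):
            hits.append((m["ip"], m["path"]))
    return hits
```

Successful (200) responses only are flagged, so a burst of 401s from an untrusted source still deserves a separate rate-based rule.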

🔗 References
