{"vulnerability": "CVE-2022-3529", "sightings": [{"uuid": "c30caf20-fef4-47d0-8b60-6a0951940b3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35299", "type": "seen", "source": "https://t.me/cibsecurity/51208", "content": "\u203c CVE-2022-35299 \u203c\n\nSAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-12T00:32:20.000000Z"}, {"uuid": "f1e74a82-ff9b-4d57-b505-e61c13d8850f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35292", "type": "seen", "source": "https://t.me/ics_cert/605", "content": "\u0641\u0631\u0648\u0634\u0646\u062f\u0647 \u0646\u0631\u0645 \u0627\u0641\u0632\u0627\u0631 \u0622\u0644\u0645\u0627\u0646\u06cc SAP \u0627\u0632 \u0627\u0646\u062a\u0634\u0627\u0631 \u0647\u0634\u062a \u0628\u0648\u0644\u062a\u0646 \u0627\u0645\u0646\u06cc\u062a\u06cc \u062c\u062f\u06cc\u062f \u0648 \u067e\u0646\u062c \u0628\u0648\u0644\u062a\u0646 \u0628\u0647 \u0631\u0648\u0632 \u0634\u062f\u0647 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u0628\u062e\u0634\u06cc \u0627\u0632 PatchTuesday \u0633\u067e\u062a\u0627\u0645\u0628\u0631 \u062e\u0628\u0631 \u062f\u0627\u062f.\n\n\u0645\u0647\u0645\u062a\u0631\u06cc\u0646 \u0622\u0646\u0647\u0627 \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u06cc\u06a9 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062c\u062f\u06cc \u062f\u0631 Business One \u0627\u0633\u062a \u06a9\u0647 \u0645\u06cc \u062a\u0648\u0627\u0646\u062f \u0645\u0646\u062c\u0631 \u0628\u0647 \u062a\u0634\u062f\u06cc\u062f \u0627\u0645\u062a\u06cc\u0627\u0632 \u0634\u0648\u062f. CVE-2022-35292 (\u0628\u0627 \u0627\u0645\u062a\u06cc\u0627\u0632 CVSS 7.8) \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u06cc\u06a9 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0645\u0633\u06cc\u0631 \u062e\u062f\u0645\u0627\u062a  \u062a\u0648\u0635\u06cc\u0641 \u0645\u06cc \u0634\u0648\u062f.\n\n\u0637\u0628\u0642 \u06af\u0641\u062a\u0647 Onapsis\u060c \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0645\u0633\u06cc\u0631 \u0633\u0631\u0648\u06cc\u0633 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0631\u0627\u06cc \u0627\u062c\u0631\u0627\u06cc \u06cc\u06a9 \u0628\u0627\u06cc\u0646\u0631\u06cc \u062f\u0644\u062e\u0648\u0627\u0647 \u0647\u0646\u06af\u0627\u0645 \u0634\u0631\u0648\u0639 \u0633\u0631\u0648\u06cc\u0633 \u0622\u0633\u06cc\u0628\u200c\u062f\u06cc\u062f\u0647 \u0645\u0648\u0631\u062f \u0633\u0648\u0621 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0642\u0631\u0627\u0631 \u06af\u06cc\u0631\u062f\u060c \u06a9\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u0622\u0646 \u0627\u062c\u0627\u0632\u0647 \u062f\u0647\u062f \u062a\u0627 \u0627\u0645\u062a\u06cc\u0627\u0632\u0627\u062a \u0631\u0627 \u0628\u0647 SYSTEM \u0627\u0641\u0632\u0627\u06cc\u0634 \u062f\u0647\u062f.\n\nSAP \u0647\u0645\u0686\u0646\u06cc\u0646 \u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0627 \u0634\u062f\u062a \u0628\u0627\u0644\u0627 \u0631\u0627 \u062f\u0631 BusinessObjects (CVE-2022-39014\u060c CVSS 7.7) \u0628\u0631\u0637\u0631\u0641 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u0628\u0647 \u0645\u0647\u0627\u062c\u0645 \u0627\u062c\u0627\u0632\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0647 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u062d\u0633\u0627\u0633 \u0631\u0645\u0632\u06af\u0630\u0627\u0631\u06cc \u0646\u0634\u062f\u0647 \u0631\u0627 \u0628\u062f\u0647\u062f.\n\n\u0627\u0639\u0644\u0627\u0645\u06cc\u0647 \u0627\u0645\u0646\u06cc\u062a\u06cc \u062c\u062f\u06cc\u062f \u062f\u0627\u0631\u0627\u06cc \u0631\u062a\u0628\u0647 \"\u0645\u062a\u0648\u0633\u0637\" \u0647\u0633\u062a\u0646\u062f \u0648 \u0628\u0631\u0627\u06cc BusinessObjects\u060c NetWeaver Enterprise Portal\u060c NetWeaver AS ABAP \u0648 NetWeaver Application Server ABAP \u0647\u0633\u062a\u0646\u062f.\n\n\u062f\u0631 \u0627\u06cc\u0646 \u0645\u0627\u0647\u060c SAP \u0647\u0645\u0686\u0646\u06cc\u0646 \u0627\u0639\u0644\u0627\u0645\u06cc\u0647\u200c\u0647\u0627\u06cc \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0627 \u0627\u0648\u0644\u0648\u06cc\u062a \u0628\u0627\u0644\u0627 \u0631\u0627 \u062f\u0631 Knowledge Store\u060c SuccessFactors \u0648 BusinessObjects \u0628\u0647\u200c\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u06a9\u0631\u062f.\n\n\ud83d\udc6e\u200d\u2640\ufe0f\ud83d\udc6e\u200d\u2640\ufe0f \u0628\u0627\u0632\u0646\u0634\u0631 \u0645\u0637\u0627\u0644\u0628 \u0627\u06cc\u0646 \u06a9\u0627\u0646\u0627\u0644 \u0635\u0631\u0641\u0627 \u0628\u0627 \u0630\u06a9\u0631 \u0645\u0646\u0628\u0639 \u0648 \u0622\u062f\u0631\u0633 \u06a9\u0627\u0645\u0644 \u06a9\u0627\u0646\u0627\u0644 \u0645\u062c\u0627\u0632 \u0645\u06cc\u0628\u0627\u0634\u062f.\n\n\ud83c\udfed\u0648\u0628\u0633\u0627\u06cc\u062a \u0648 \u06a9\u0627\u0646\u0627\u0644 \u062a\u062e\u0635\u0635\u06cc \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a\u0647\u0627\u06cc \u0627\u062a\u0648\u0645\u0627\u0633\u06cc\u0648\u0646 \u0648 \u06a9\u0646\u062a\u0631\u0644 \u0635\u0646\u0639\u062a\u06cc\n\n\u0627\u062f\u0645\u06cc\u0646:\nhttps://t.me/pedram_kiani\n\u06a9\u0627\u0646\u0627\u0644 \u062a\u0644\u06af\u0631\u0627\u0645:\nhttps://t.me/ics_cert\n\u062a\u0648\u06cc\u06cc\u062a\u0631:\nhttps://twitter.com/icscerti", "creation_timestamp": "2022-09-16T16:09:26.000000Z"}, {"uuid": "5eeb45be-fffb-4a51-9813-064068bc9810", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35292", "type": "seen", "source": "https://t.me/true_secator/3432", "content": "\u041d\u0435\u043c\u0435\u0446\u043a\u0438\u0439 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u041f\u041e SAP \u043e\u0431\u044a\u044f\u0432\u0438\u043b \u043e \u0432\u044b\u043f\u0443\u0441\u043a\u0435 \u0432\u043e\u0441\u044c\u043c\u0438 \u043d\u043e\u0432\u044b\u0445 \u0438 \u043f\u044f\u0442\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044c\u0441\u043a\u043e\u0433\u043e PatchTuesday.\n\n\u0421\u0430\u043c\u0430\u044f \u0432\u0430\u0436\u043d\u0430\u044f \u0438\u0437\u00a0\u043d\u0438\u0445\u00a0\u043a\u0430\u0441\u0430\u0435\u0442\u0441\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Business One, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u044d\u0441\u043a\u0430\u043b\u0430\u0446\u0438\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439. CVE-2022-35292 (\u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS 7,8) \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0443\u0442\u0438 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u0431\u0435\u0437 \u043a\u0430\u0432\u044b\u0447\u0435\u043a.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043c\u043d\u0435\u043d\u0438\u044e Onapsis, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0443\u0442\u0438 \u0441\u043b\u0443\u0436\u0431\u044b \u0431\u0435\u0437 \u043a\u0430\u0432\u044b\u0447\u0435\u043a \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u0434\u0432\u043e\u0438\u0447\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u043f\u0440\u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0441\u043b\u0443\u0436\u0431\u044b, \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0435\u0439 \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e SYSTEM.\n\nSAP \u0442\u0430\u043a\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u044b\u0441\u043e\u043a\u043e\u0433\u043e \u0443\u0440\u043e\u0432\u043d\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 BusinessObjects (CVE-2022-39014, CVSS 7,7), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0433\u043b\u0430 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043d\u0435\u0437\u0430\u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438.\n\n\u0417\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0430\u044f SAP GRC \u0442\u0440\u0435\u0442\u044c\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c, \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0438\u043c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0435\u0430\u043d\u0441\u0443 Firefighter \u0434\u0430\u0436\u0435 \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u043e\u043d \u0431\u044b\u043b \u0437\u0430\u043a\u0440\u044b\u0442 \u0432 \u043f\u0430\u043d\u0435\u043b\u0438 \u0432\u0445\u043e\u0434\u0430.\u00a0\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2022-39801 \u0438 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 7,1.\n\n\u0412\u0441\u0435 \u043f\u044f\u0442\u044c \u043e\u0441\u0442\u0430\u0432\u0448\u0438\u0445\u0441\u044f \u043d\u043e\u0432\u044b\u0445 \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u043d\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438\u043c\u0435\u044e\u0442 \u0440\u0435\u0439\u0442\u0438\u043d\u0433 \u00ab\u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438\u00bb \u0438 \u043a\u0430\u0441\u0430\u044e\u0442\u0441\u044f BusinessObjects, NetWeaver Enterprise Portal, NetWeaver AS ABAP \u0438 NetWeaver Application Server ABAP.\n\n\u0412 \u044d\u0442\u043e\u043c \u043c\u0435\u0441\u044f\u0446\u0435 SAP \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0430 \u0432\u044b\u0441\u043e\u043a\u043e\u043f\u0440\u0438\u043e\u0440\u0438\u0442\u0435\u0442\u043d\u044b\u0435 \u043f\u0440\u0438\u043c\u0435\u0447\u0430\u043d\u0438\u044f, \u043a\u0430\u0441\u0430\u044e\u0449\u0438\u0435\u0441\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0445\u0440\u0430\u043d\u0438\u043b\u0438\u0449\u0435 \u0437\u043d\u0430\u043d\u0438\u0439, SuccessFactors \u0438 BusinessObjects.", "creation_timestamp": "2022-09-16T16:32:02.000000Z"}, {"uuid": "7fc12625-f1b5-471a-a5af-56a8fb5f2ffb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35294", "type": "seen", "source": "https://t.me/cibsecurity/49670", "content": "\u203c CVE-2022-35294 \u203c\n\nAn attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to information disclosure including stealing authentication information and impersonating the affected user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-13T20:25:36.000000Z"}, {"uuid": "41c746a0-b405-462f-8efd-ae27425269db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35290", "type": "seen", "source": "https://t.me/cibsecurity/47911", "content": "\u203c CVE-2022-35290 \u203c\n\nUnder certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-11T00:32:18.000000Z"}, {"uuid": "6b857ef6-3bcd-449d-9511-296bc50f6a43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35292", "type": "seen", "source": "https://t.me/cibsecurity/49663", "content": "\u203c CVE-2022-35292 \u203c\n\nIn SAP Business One application when a service is created, the executable path contains spaces and isn\u00e2\u20ac\u2122t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-13T20:25:28.000000Z"}, {"uuid": "6eec03c9-15ec-4734-9453-c21dc683081a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35298", "type": "seen", "source": "https://t.me/cibsecurity/49662", "content": "\u203c CVE-2022-35298 \u203c\n\nSAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. KMC servlet is vulnerable to XSS attack. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim\u00e2\u20ac\u2122s web browser session.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-13T20:25:26.000000Z"}, {"uuid": "bebe7626-9163-41f1-8078-625265ee5b15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3529", "type": "seen", "source": "https://t.me/cibsecurity/51537", "content": "\u203c CVE-2022-3529 \u203c\n\nA vulnerability has been found in Linux Kernel and classified as problematic. Affected by this vulnerability is the function fdb_get of the file bridge/fdb.c of the component iproute2. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211027.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-16T22:42:17.000000Z"}, {"uuid": "67674301-f433-466e-acc6-03bcc3d7dc91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35295", "type": "seen", "source": "https://t.me/cibsecurity/49666", "content": "\u203c CVE-2022-35295 \u203c\n\nUnder certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) - versions 420, 430, exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-13T20:25:31.000000Z"}, {"uuid": "e5b13c3c-7680-44a0-9017-363b86df88c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-35291", "type": "seen", "source": "https://t.me/cibsecurity/47077", "content": "\u203c CVE-2022-35291 \u203c\n\nDue to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successful exploitation, the attacker can read/write attachments. Thus, compromising the confidentiality and integrity of the application\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-27T18:46:47.000000Z"}]}