In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserialization of untrusted data vulnerability. This could highly compromise the Confidentiality, Integrity, and Availability of the system.

Related CVEs

CVE-2022-41203

Key Information

GHSA ID

GHSA-733v-x8pr-2mxj

Published

November 9, 2022 12:00 PM

Last Modified

November 9, 2022 7:02 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 8, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.