CVE-2022-41203

CRITICAL Year: 2022
CVSS v3 Score
9.9
Critical
Weakness Type
CWE-502
View all →

Vulnerability Description

In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserialization of untrusted data vulnerability. This could highly compromise the Confidentiality, Integrity, and Availability of the system.

Related Vulnerabilities

CVE-2022-38652

CRITICAL
CVSS:9.9(Critical)

A remote insecure deserialization vulnerability exixsts in VMWare Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within...

CWE-5022022

CVE-2024-29212

CRITICAL
CVSS:9.9(Critical)

Due to an unsafe de-serialization method used by the Veeam Service Provider Console(VSPC) server in communication between the management agent and its components, under certain conditions, it is possi...

CWE-5022024

CVE-2024-30228

CRITICAL
CVSS:9.9(Critical)

Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core.This issue affects Hercules Core : from n/a through 6.4.

CWE-5022024

CVE-2024-37361

CRITICAL
CVSS:9.9(Critical)

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. (CWE-502) Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 a...

CWE-5022024

CVE-2025-23120

CRITICAL
CVSS:9.9(Critical)

A vulnerability allowing remote code execution (RCE) for domain users.

CWE-5022025

CVE-2025-24016

CRITICAL
CVSS:9.9(Critical)

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for r...

CWE-5022025