CVE-2023-0020

CWE-200 — Information Exposure4 documents4 sources

Severity

7.1HIGH

EPSS

0.3%

top 44.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Businessobjects Business Intelligence Platform SAP Businessobjects Business Intelligence Platform

Timeline

PublishedFeb 14

Latest updateSep 26

Description

SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. On successful exploitation, there could be a high impact on confidentiality and limited impact on integrity of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:LExploitability: 3.1 | Impact: 4.7

Affected Packages2 packages

▶NVDsap/businessobjects_business_intelligence_platform420, 430+1

▶CVEListV5sap_se/sap_businessobjects_business_intelligence_platform420, 430+1

🔴Vulnerability Details

GHSA

GHSA-hjg7-v455-hqpc: SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is othe↗2023-02-14

▶

CVEList

CVE-2023-0020: SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is othe↗2023-02-14

▶

📋Vendor Advisories

VMware

VMware Aria Operations updates address local privilege escalation vulnerability. (CVE-2023-34043)↗2023-09-26

▶