CVE-2023-37489: Information Exposure via Error Message in SE SAP BusinessObjects Business Intelligence Platform

Severity
5.3 MEDIUM (NVD)
EPSS
0.2%
top 62.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 12
Latest update: Sep 14

Description

Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI, which leads to low impact on confidentiality and no impact on the application's availability or integrity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Vulnerability Details (2)

GHSA
GHSA-h382-4j66-7v4w: Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticate (2023-09-14)
CVEList
Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System) (2023-09-12)