CVE-2023-40622

CWE-732 — Incorrect Permission Assignment CWE-200 — Information Exposure3 documents3 sources

Severity

9.9CRITICAL

EPSS

0.1%

top 67.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Businessobjects Business Intelligence Platform (promotion Management)SAP Businessobjects Business Intelligence

Timeline

PublishedSep 12

Latest updateSep 13

Description

SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted. On successful exploitation, the attacker can completely compromise the application causing high impact on confidentiality, integrity, and availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5sap_se/sap_businessobjects_business_intelligence_platform_(promotion_management)420, 430+1

▶NVDsap/businessobjects_business_intelligence420, 430+1

🔴Vulnerability Details

GHSA

GHSA-fgh6-j2hc-p23r: SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacke↗2023-09-13

▶

CVEList

Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management)↗2023-09-12

▶