Information Disclosure Vulnerability in SAP Business Objects Software
CVE-2022-24398

6.5MEDIUM

Key Information:

Vendor: SAP
Status: SAP Business Objects Business Intelligence Platform
Vendor: CVE Published:; 10 March 2022

Summary

SAP Business Objects Business Intelligence Platform, versions 420 and 430, contains a vulnerability that permits authenticated users to access information that is typically restricted. This flaw arises under specific conditions, highlighting a significant security concern for organizations relying on SAP's business intelligence solutions. Attackers with valid credentials could exploit this issue to retrieve sensitive data, undermining the overall integrity of the data management processes within the platform. It is crucial for users of affected versions to apply patches and monitor any unauthorized activities.

Affected Version(s)

SAP Business Objects Business Intelligence Platform < 420 < 420

SAP Business Objects Business Intelligence Platform < 430 < 430

References

https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3103424

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 10, 2022
Vulnerability Reserved
Feb 3, 2022