Authentication Bypass in SAP BusinessObjects Business Intelligence Platforms
CVE-2023-0020

8.5HIGH

Key Information:

Vendor: SAP
Status: SAP Businessobjects Business Intelligence Platform
Vendor: CVE Published:; 14 February 2023

Summary

The SAP BusinessObjects Business Intelligence platform versions 420 and 430 contain a vulnerability that allows authenticated attackers to access sensitive information otherwise restricted by the application. Exploiting this vulnerability poses a significant risk to data confidentiality, potentially leading to unauthorized data exposure, while maintaining relatively limited impact on the application's integrity.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform 420

SAP BusinessObjects Business Intelligence Platform 430

References

https://launchpad.support.sap.com/#/notes/3263135

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 14, 2023
Vulnerability Reserved
Dec 20, 2022