Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform
CVE-2023-30740

6.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP Businessobjects Business Intelligence Platform
Vendor: CVE Published:; 9 May 2023

What is CVE-2023-30740?

The vulnerability in the SAP BusinessObjects Business Intelligence Platform, specifically in versions 420 and 430, enables an authenticated attacker to gain unauthorized access to sensitive information that is typically restricted. If successfully exploited, this may lead to severe repercussions regarding the confidentiality of the affected data, while having a limited effect on the integrity and availability of the application. Organizations using these versions should assess their security measures to mitigate potential risks.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform 420

SAP BusinessObjects Business Intelligence Platform 430

References

https://launchpad.support.sap.com/#/notes/3313484

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 9, 2023
Vulnerability Reserved
Apr 14, 2023