Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform
CVE-2023-30740

7.6HIGH

Key Information:

Vendor: SAP
Status: SAP BusinessObjects Business Intelligence Platform
Vendor: CVE Published:; 9 May 2023

Summary

The vulnerability in the SAP BusinessObjects Business Intelligence Platform, specifically in versions 420 and 430, enables an authenticated attacker to gain unauthorized access to sensitive information that is typically restricted. If successfully exploited, this may lead to severe repercussions regarding the confidentiality of the affected data, while having a limited effect on the integrity and availability of the application. Organizations using these versions should assess their security measures to mitigate potential risks.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform 420

SAP BusinessObjects Business Intelligence Platform 430

References

https://launchpad.support.sap.com/#/notes/3313484

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 9, 2023
Vulnerability Reserved
Apr 14, 2023