Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management)
CVE-2023-40622

9.9CRITICAL

Key Information:

Vendor: SAP
Status: SAP Businessobjects Business Intelligence Platform (promotion Management)
Vendor: CVE Published:; 12 September 2023

What is CVE-2023-40622?

A vulnerability exists in the SAP BusinessObjects Business Intelligence Platform, specifically within its Promotion Management feature. Under specific conditions, an authenticated attacker can exploit this flaw to gain access to sensitive information that is normally restricted. This exploitation may lead to a complete compromise of the application, posing severe risks to the confidentiality, integrity, and availability of data.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform (Promotion Management) 420

SAP BusinessObjects Business Intelligence Platform (Promotion Management) 430

References

https://me.sap.com/notes/3320355

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 12, 2023
Vulnerability Reserved
Aug 17, 2023