Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI, which leads to low impact on confidentiality and no impact on the application's availability or integrity.
References
Link | Resource |
---|---|
https://me.sap.com/notes/3352453 | Permissions Required |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Configurations
History
14 Sep 2023, 02:07
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CPE | cpe:2.3:a:sap:businessobjects_business_intelligence:430:*:*:*:*:*:*:* | |
First Time |
Sap businessobjects Business Intelligence
Sap |
|
References | (MISC) https://me.sap.com/notes/3352453 - Permissions Required | |
References | (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory |
12 Sep 2023, 11:52
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-12 02:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-37489
Mitre link : CVE-2023-37489
CVE.ORG link : CVE-2023-37489
JSON object : View
Products Affected
sap
- businessobjects_business_intelligence
CWE
CWE-209
Generation of Error Message Containing Sensitive Information