Vulnerabilities > CVE-2021-33667 - Unspecified vulnerability in SAP Businessobjects web Intelligence 420/430

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2021-07-14

Updated: 2021-07-16

Summary

Under certain conditions, SAP Business Objects Web Intelligence (BI Launchpad) versions - 420, 430, allows an attacker to access jsp source code, through SDK calls, of Analytical Reporting bundle, a part of the frontend application, which would otherwise be restricted.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Businessobjects WEB Intelligence 420 SAP Businessobjects WEB Intelligence 430	2

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506
https://launchpad.support.sap.com/#/notes/3044751