Vulnerabilities > CVE-2023-40622 - Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430

CVSS 9.9 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

sap

critical

NVD

Published: 2023-09-12

Updated: 2024-11-21

Summary

SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted. On successful exploitation, the attacker can completely compromise the application causing high impact on confidentiality, integrity, and availability.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Businessobjects Business Intelligence 420 SAP Businessobjects Business Intelligence 430	2

References

https://me.sap.com/notes/3320355
https://me.sap.com/notes/3320355
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html