CVE-2023-37489 MEDIUM

CVE-2023-37489: Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System)

Vendor Sap_Se
Product SAP BusinessObjects Business Intelligence Platform (Version Management System)
Weakness CWE-209 · Error message info leak
Published September 12, 2023
Last update September 26, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI, which leads to low impact on confidentiality and no impact on the application's availability or integrity.

Key dates

02Disclosure timeline

September 12, 2023 CVE published
September 26, 2024 Record updated