CVE-2023-39440 MEDIUM

CVE-2023-39440: Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform

Vendor SAP SE
Product SAP BusinessObjects Business Intelligence
Weakness CWE-312 · Cleartext storage
Published August 8, 2023
Last update October 8, 2024

CVSS base score

4.4/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

In SAP BusinessObjects Business Intelligence, version 420, if a user logs in to a particular program, under certain specific conditions memory might not be cleared properly, and as a result an attacker might be able to get access to user credentials. For a successful attack, the attacker needs to have local access to the system. There is no impact on availability or integrity.

Key dates

02 Disclosure timeline

August 8, 2023 CVE published
October 8, 2024 Record updated