CVE-2023-40622 CRITICAL

CVE-2023-40622: Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management)

Vendor Sap_Se
Product SAP BusinessObjects Business Intelligence Platform (Promotion Management)
Weakness CWE-732
Published September 12, 2023
Last update September 28, 2024

CVSS base score

9.9/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted. On successful exploitation, the attacker can completely compromise the application causing high impact on confidentiality, integrity, and availability.

Key dates

02Disclosure timeline

September 12, 2023 CVE published
September 28, 2024 Record updated