CVE-2023-31404

Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Service)

CVSS 5 MEDIUMEPSS 0.5%CWE-200

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

09 mai 2023Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of other users. It could let them access data sources which would otherwise be restricted.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Produtos afetados

SAP_SE · SAP BusinessObjects Business Intelligence Platform (Central Management Service)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://launchpad.support.sap.com/#/notes/3038911 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html