CVE-2023-40622

Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management)

CVSS 9.9 CRITICALEPSS 0.5%CWE-732

Vexday Risk Score

28Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 9.9EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

12 set 2023Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted. On successful exploitation, the attacker can completely compromise the application causing high impact on confidentiality, integrity, and availability.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Produtos afetados

SAP_SE · SAP BusinessObjects Business Intelligence Platform (Promotion Management)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://me.sap.com/notes/3320355 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html