CVE-2023-31404

Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of other users. It could let them access data sources which would otherwise be restricted.

Published: May 9, 2023
Updated: May 16, 2023
CVE: CVE-2023-31404
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
sap / businessobjects_business_intelligence	420	420.x
sap / businessobjects_business_intelligence	430	430.x

https://launchpad.support.sap.com/#/notes/3038911
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Vulnerability Database

289,871

CVE-2023-31404