Skip to main content

Businessobjects Business Intelligence CVE-2023-31404

MEDIUM
Information Exposure (CWE-200)
2023-05-09 cna@sap.com
5.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
May 09, 2023 - 02:15 nvd
MEDIUM 5.0

DescriptionNVD

Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of other users. It could let them access data sources which would otherwise be restricted.

AnalysisAI

Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an attacker to access information which would otherwise be. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of other users. It could let them access data sources which would otherwise be restricted. Affected products include: Sap Businessobjects Business Intelligence.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2023-40622 CRITICAL
9.9 Sep 12

SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition a

CVE-2023-28765 CRITICAL
9.8 Apr 11

An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - version

CVE-2018-2445 CRITICAL
9.6 Aug 14

AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnera

CVE-2023-37490 CRITICAL
9.0 Aug 08

SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an

CVE-2022-41203 HIGH
8.8 Nov 08

In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated atta

CVE-2018-2442 HIGH
8.8 Aug 14

In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI

CVE-2018-2427 HIGH
8.8 Jul 10

SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Stu

CVE-2025-23192 HIGH
8.2 Jun 10

Stored Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects BI Workspace that allows unauthenticated attacker

CVE-2022-32245 HIGH
8.2 Aug 10

SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attack

CVE-2019-0268 HIGH
8.1 Mar 12

SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently val

CVE-2022-28214 HIGH
7.8 May 11

During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication

CVE-2023-30740 HIGH
7.6 May 09

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensi

Share

CVE-2023-31404 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy