CVE-2023-40622 Information
Sep 16, 2023
cve
Description
SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420 430 under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted. On successful exploitation the attacker can completely compromise the application causing high impact on confidentiality integrity and availability.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Reference
https://me.sap.com/notes/3320355 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
CHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.9
Share on: