CVE-2021-33667

Name of the Vulnerable Software and Affected Versions: SAP Business Objects Web Intelligence (BI Launchpad) versions 420, 430

Description: The issue allows an attacker to access jsp source code through SDK calls of the Analytical Reporting bundle, which is a part of the frontend application and would otherwise be restricted. This occurs under certain conditions.

Recommendations: For versions 420 and 430, consider restricting access to the Analytical Reporting bundle to minimize the risk of exploitation. As a temporary workaround, consider disabling SDK calls to the jsp source code until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.