PT-2022-25775 · Sap · Sap Businessobjects Business Intelligence Platform

Published: 2022-12-12 · Updated: 2023-07-11 · CVE-2022-41263

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: SAP Business Objects Business Intelligence Platform (Web Intelligence) versions 420, 430

Description: The issue is caused by a missing authentication check, allowing an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the attacker can modify information, causing a limited impact on the integrity of the application.

Recommendations: For versions 420 and 430, consider restricting access to the document data source information to prevent unauthorized modifications until a patch is available. As a temporary workaround, limit the privileges of non-administrator users to minimize the risk of exploitation. Restrict access to sensitive documents to minimize the risk of information modification. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Weakness Enumeration

Related Identifiers: CVE-2022-41263

Affected Products: Sap Businessobjects Business Intelligence Platform