PT-2023-25992 · Sap · Sap Businessobjects Business Intelligence Platform
Published
2023-09-11
·
Updated
2023-09-14
·
CVE-2023-37489
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SAP BusinessObjects Business Intelligence Platform (Version Management System) version 403
Description
The issue is due to the lack of validation, which allows an unauthenticated user to read code snippets through the UI. This results in a low impact on confidentiality, with no effect on the application's availability or integrity.
Recommendations
For SAP BusinessObjects Business Intelligence Platform (Version Management System) version 403, consider implementing input validation to restrict unauthorized access to code snippets until a patch is available.
Fix
Generation of Error Message Containing Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sap Businessobjects Business Intelligence Platform