PT-2023-4259 · Sap · Sap Businessobjects Business Intelligence

Published: 2023-08-08 · Updated: 2024-09-28 · CVE-2023-39440

CVSS v3.1: 4.4 (Medium)

Vector: AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SAP BusinessObjects Business Intelligence version 420

Description

The issue is related to insufficient protection of internal data in SAP BusinessObjects Business Intelligence. Under specific conditions, when a user logs in to a particular program, memory might not be properly cleared, potentially allowing an attacker to access user credentials. A successful attack requires local access to the system and does not impact availability or integrity.

Recommendations

For SAP BusinessObjects Business Intelligence version 420, consider restricting local access to the system to minimize the risk of exploitation until a patch is available. As a temporary workaround, ensure that all users log out properly after using the system to reduce the risk of credential exposure.

Fix

Cleartext Storage of Sensitive Information

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2023-04574
CVE-2023-39440

Affected Products

Sap Businessobjects Business Intelligence