CVE-2023-40622

Name of the Vulnerable Software and Affected Versions SAP BusinessObjects Business Intelligence Platform (Promotion Management) versions 420, 430

Description The issue is related to insufficient protection of service data, which can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. Under certain conditions, an authenticated attacker can view sensitive information that is otherwise restricted, potentially compromising the application.

Recommendations For versions 420 and 430, consider restricting access to sensitive information and implementing additional security measures to prevent unauthorized viewing of restricted data. As a temporary workaround, review and limit the privileges of authenticated users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.