CVE-2021-40497

MEDIUM

SAP BusinessObjects Analysis <430 - Info Disclosure

Title source: llm

Description

SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, allows an attacker to exploit certain application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation could lead to exposure of some system specific data like its version.

References (2)

[Permissions Required] https://launchpad.support.sap.com/#/notes/3098917

[Vendor Advisory] https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983

Scores

CVSS v3 5.3

EPSS 0.0024

EPSS Percentile 46.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-668

Status published

Affected Products (2)

sap/businessobjects_analysis

Timeline

Published Oct 12, 2021

Tracked Since Feb 18, 2026