CVE-2023-31404

MEDIUM

SAP BusinessObjects <430 - Info Disclosure

Title source: llm

Description

Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of other users. It could let them access data sources which would otherwise be restricted.

References (2)

Core 2

Core References

Permissions Required, Vendor Advisory

https://launchpad.support.sap.com/#/notes/3038911

Vendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Scores

CVSS v3 5.0

EPSS 0.0032

EPSS Percentile 55.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (2)

sap/businessobjects_business_intelligence 420

sap/businessobjects_business_intelligence 430

Published May 09, 2023

Tracked Since Feb 18, 2026