CVE-2023-37489

MEDIUM

SAP BusinessObjects BI Platform 403 - Unauthenticated Info Disclosure via VMS

Title source: llm

Description

Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI, which leads to low impact on confidentiality and no impact on the application's availability or integrity.

References (2)

Core 2

Core References

Permissions Required

https://me.sap.com/notes/3352453

Vendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Scores

CVSS v3 5.3

EPSS 0.0043

EPSS Percentile 34.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-209

Status published

Products (1)

sap/businessobjects_business_intelligence 430

Published Sep 12, 2023

Tracked Since Feb 18, 2026