CVE-2023-40622

CRITICAL

SAP BusinessObjects <430 - Info Disclosure

Title source: llm

Description

SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted. On successful exploitation, the attacker can completely compromise the application causing high impact on confidentiality, integrity, and availability.

References (2)

Core 2

Core References

Permissions Required

https://me.sap.com/notes/3320355

Vendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Scores

CVSS v3 9.9

EPSS 0.0013

EPSS Percentile 32.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-732

Status published

Products (2)

sap/businessobjects_business_intelligence 420

sap/businessobjects_business_intelligence 430

Published Sep 12, 2023

Tracked Since Feb 18, 2026