SAP BusinessObjects BI Platform VMS Unauthenticated Code Snippet Exposure
CVE-2023-37489 Published on September 12, 2023

Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System)
Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI, which leads to low impact on confidentiality and no impact on the application's availability or integrity.

NVD

Vulnerability Analysis

CVE-2023-37489 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

Generation of Error Message Containing Sensitive Information

The software generates an error message that includes sensitive information about its environment, users, or associated data.


Products Associated with CVE-2023-37489

stack.watch emails you whenever new vulnerabilities are published in SAP Businessobjects Business Intelligence or SAP Businessobjects. Just hit a watch button to start following.

SAP Businessobjects Business Intelligence
 
SAP Businessobjects
 

Affected Versions

SAP_SE SAP BusinessObjects Business Intelligence Platform (Version Management System) Version 430 is affected by CVE-2023-37489

Exploit Probability

EPSS
0.16%
Percentile
37.16%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.