Описание
The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- Permissions RequiredVendor Advisory
- Vendor Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- Permissions RequiredVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:business_warehouse:710:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_warehouse:711:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_warehouse:730:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_warehouse:731:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_warehouse:740:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_warehouse:750:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_warehouse:751:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_warehouse:752:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_warehouse:753:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_warehouse:754:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_warehouse:755:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_warehouse:782:*:*:*:*:*:*:*
EPSS
Процентиль: 61%
0.00417
Низкий
6.5 Medium
CVSS3
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table.
EPSS
Процентиль: 61%
0.00417
Низкий
6.5 Medium
CVSS3
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-862