exploitDog

CVE-2023-37489

Опубликовано: 12 сент. 2023

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI, which leads to low impact on confidentiality and no impact on the application's availability or integrity.

Ссылки

https://me.sap.com/notes/3352453
Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Vendor Advisory
https://me.sap.com/notes/3352453
Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:businessobjects_business_intelligence:430:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00164

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-209

Связанные уязвимости

GHSA-h382-4j66-7v4w

CVSS3: 5.3

github

больше 2 лет назад

Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI, which leads to low impact on confidentiality and no impact on the application's availability or integrity.

EPSS

Процентиль: 37%

0.00164

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-209