CVE-2023-40622

{"id": "CVE-2023-40622", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}]}, "published": "2023-09-12T03:15:12.813", "references": [{"url": "https://me.sap.com/notes/3320355", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://me.sap.com/notes/3320355", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted. On successful exploitation, the attacker can completely compromise the application causing high impact on confidentiality, integrity, and availability."}, {"lang": "es", "value": "SAP BusinessObjects Business Intelligence Platform (Promotion Management): las versiones 420, 430, bajo ciertas condiciones, permiten a un atacante autenticado ver informaci\u00f3n sensible que de otro modo estar\u00eda restringida. En una explotaci\u00f3n exitosa, el atacante puede comprometer completamente la aplicaci\u00f3n causando un alto impacto en la confidencialidad, integridad y disponibilidad."}], "lastModified": "2024-11-21T08:19:50.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:420:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38BA0DF9-D893-4AF9-923E-E47EA5C02C52"}, {"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:430:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85CBCF48-5478-4EE5-8F69-6E59EFDB707D"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}