Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of other users. It could let them access data sources which would otherwise be restricted.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/3038911 | Permissions Required Vendor Advisory |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2023-05-09T01:37:04.867Z
Updated: 2023-05-09T01:37:04.867Z
Reserved: 2023-04-27T18:29:50.455Z
Link: CVE-2023-31404
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-05-09T02:15:12.537
Modified: 2023-05-15T17:32:45.030
Link: CVE-2023-31404
JSON object: View
Redhat Information
No data.
CWE