CVE-2021-40497

Published: Oct 12, 2021Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, allows an attacker to exploit certain application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation could lead to exposure of some system specific data like its version.

Affected (2)

Products: Sap: Businessobjects Analysis

1 product

Businessobjects Analysis

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Sap Businessobjects Analysis	Version 420
Sap Businessobjects Analysis	Version 430

Related CWEs

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (4)

https://launchpad.support.sap.com/#/notes/3098917

Source: cna@sap.com

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/3098917

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.