CVE-2023-33992

Published: Jul 11, 2023

Modified: Oct 29, 2024

PUBLISHED

CVSS v3.1: 4.5 MEDIUM

Description

The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA (versions SAP_BW 730, SAP_BW 731, SAP_BW 740, SAP_BW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300) may expose unauthorized cell values in the data response. To exploit this, the user still needs authorizations on the query as well as on the key figure/measure level. The missing check only affects the data level.

Vendor: SAP_SE

Product: SAP Business Warehouse and SAP BW/4HANA

Affected versions: SAP_BW 730, SAP_BW 731, SAP_BW 740, SAP_BW 750, DW4CORE 100 (+2 more versions)

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

Attack Vector: Network

Attack Complexity: Low

Privileges Required: High

User Interaction: Required

Scope: Unchanged

Confidentiality: High

Integrity: None

Availability: None
