Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-33992

The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAP_BW 730, SAP_BW 731, SAP_BW 740, SAP_BW 730, SAP_BW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. To be able to exploit this, the user still needs authorizations on the query as well as on the keyfigure/measure level. The missing check only affects the data level.

Published

2023-07-11T03:15:09.717

Last Modified

2024-11-21T08:06:22.143

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	business_warehouse	730	Yes
Application	sap	business_warehouse	731	Yes
Application	sap	business_warehouse	740	Yes
Application	sap	business_warehouse	750	Yes
Application	sap	bw\/4hana	100	Yes
Application	sap	bw\/4hana	200	Yes
Application	sap	bw\/4hana	300	Yes

References

https://me.sap.com/notes/3088078 Permissions Required ([email protected])
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory ([email protected])
https://me.sap.com/notes/3088078 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)