CVE-2021-40497
First published: Tue Oct 12 2021(Updated: )
SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, allows an attacker to exploit certain application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation could lead to exposure of some system specific data like its version.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP BusinessObjects | =420 | |
| SAP BusinessObjects | =430 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-40497?
CVE-2021-40497 has a medium severity rating, indicating a moderate risk of exposure to sensitive data.
How do I fix CVE-2021-40497?
To fix CVE-2021-40497, ensure that you apply the latest security patches provided by SAP for versions 420 and 430.
Which versions of SAP BusinessObjects Analysis are affected by CVE-2021-40497?
CVE-2021-40497 affects SAP BusinessObjects Analysis versions 420 and 430.
What types of data can be exposed through CVE-2021-40497?
CVE-2021-40497 can lead to the exposure of system-specific data and sensitive information via exploited application endpoints.
Is there a workaround for CVE-2021-40497?
As of now, the best course of action is to apply the recommended updates or patches, as there are no official workarounds provided.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap businessobjects
- version/sap businessobjects/420
- version/sap businessobjects/430