CWE-862

CVE-2023-33992: Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA

First published: Tue Jul 11 2023

The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA, versions SAP_BW 730, SAP_BW 731, SAP_BW 740, SAP_BW 750, DW4CORE 100, DW4CORE 200 and DW4CORE 300, may expose unauthorized cell values in the data response. To exploit this, the user still needs authorizations on the query as well as on the key figure/measure level. The missing check only affects the data level.

Credit: cna@sap.com

| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Business Warehouse | =730 | |
| SAP Business Warehouse | =731 | |
| SAP Business Warehouse | =740 | |
| SAP Business Warehouse | =750 | |
| SAP BW/4HANA | =100 | |
| SAP BW/4HANA | =200 | |
| SAP BW/4HANA | =300 | |


Frequently Asked Questions

  • What is the vulnerability ID of this SAP BW BICS communication layer vulnerability?

    The vulnerability ID is CVE-2023-33992.

  • What is the severity level of CVE-2023-33992?

    The severity level of CVE-2023-33992 is medium with a severity value of 6.5.

  • Which SAP software versions are affected by CVE-2023-33992?

    SAP Business Warehouse and SAP BW/4HANA versions SAP_BW 730, SAP_BW 731, SAP_BW 740, SAP_BW 750, DW4CORE 100, DW4CORE 200, and DW4CORE 300 are affected by CVE-2023-33992.

  • What is the risk of CVE-2023-33992?

    CVE-2023-33992 may expose unauthorized cell values to the data response.

  • Are there any fixes or patches available for CVE-2023-33992?

    Please refer to the SAP Notes and documents provided at the following references: [SAP Note 3088078](https://me.sap.com/notes/3088078) and [SAP document](https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html).
