First published: Tue Aug 08 2023(Updated: )
In SAP BusinessObjects Business Intelligence - version 420, If a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which attacker might be able to get access to user credentials. For a successful attack, the attacker needs to have local access to the system. There is no impact on availability and integrity.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
SAP BusinessObjects Business Intelligence Platform | =420 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this SAP BusinessObjects Business Intelligence vulnerability is CVE-2023-39440.
The severity level of CVE-2023-39440 is medium with a severity value of 4.4.
Version 420 of SAP BusinessObjects Business Intelligence is affected by CVE-2023-39440.
An attacker can exploit CVE-2023-39440 by logging in to a particular program under certain conditions to gain access to user credentials.
Yes, you can find more information about CVE-2023-39440 at the following references: [Link 1](https://me.sap.com/notes/3312586) and [Link 2](https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html).