The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAP_BW 730, SAP_BW 731, SAP_BW 740, SAP_BW 730, SAP_BW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. To be able to exploit this, the user still needs authorizations on the query as well as on the keyfigure/measure level. The missing check only affects the data level.
History

Tue, 29 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published: 2023-07-11T02:34:11.627Z

Updated: 2024-10-29T13:43:38.660Z

Reserved: 2023-05-24T20:41:32.835Z

Link: CVE-2023-33992

cve-icon Vulnrichment

Updated: 2024-08-02T15:54:14.204Z

cve-icon NVD

Status : Modified

Published: 2023-07-11T03:15:09.717

Modified: 2024-11-21T08:06:22.143

Link: CVE-2023-33992

cve-icon Redhat

No data.