CVE-2023-33992

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jul 11, 2023

Updated: Jul 19, 2023

CWE ID 862

Summary

CVE-2023-33992 is a vulnerability affecting the SAP BW BICS communication layer in various versions of SAP Business Warehouse and SAP BW/4HANA. This issue exposes unauthorized cell values in the data response. While exploitation requires the user to have specific authorizations on the query and keyfigure/measure level, the missing check impacts only the data level, making it a potential security concern for affected systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SAP NetWeaver Business Warehouse
SAP BW/4HANA

Affected Vendors

SAP SE

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r8yGPV
https://www.cve.org/CVERecord?id=CVE-2023-33992
https://nvd.nist.gov/vuln/detail/CVE-2023-33992

Back to Vulnerability Database