SAP Business Objects Web Intelligence (BI Launchpad) JSP Source Code Disclosure Vulnerability

SAP Business Objects Web Intelligence (BI Launchpad) JSP Source Code Disclosure Vulnerability

CVE-2021-33667 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Under certain conditions, SAP Business Objects Web Intelligence (BI Launchpad) versions - 420, 430, allows an attacker to access jsp source code, through SDK calls, of Analytical Reporting bundle, a part of the frontend application, which would otherwise be restricted.

Learn more about our Web App Pen Testing.