Missing Authentication Check in SAP Business Objects Business Intelligence Platform (Web Intelligence) Allows Unauthorized Modification of Restricted Data Source Information

Missing Authentication Check in SAP Business Objects Business Intelligence Platform (Web Intelligence) Allows Unauthorized Modification of Restricted Data Source Information

CVE-2022-41263 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the attacker can modify information causing a limited impact on the integrity of the application.

Learn more about our Web App Pen Testing.