Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve (non-personal) system data, modify system data but can't make the system unavailable. This needs the malicious user to have high privilege access to the same physical/logical network to access information which would otherwise be restricted, leading to low impact on confidentiality and high impact on integrity of the application.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sap businessobjects business intelligence 420 |
||
sap businessobjects business intelligence 430 |