Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated malicious user to access operating system information using crafted document. On successful exploitation there could be a considerable impact on confidentiality of the application.