CVE-2023-33992
Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA
- Severity Score: 6.5 (CVSS v3.1)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: Track (SSVC)
Descriptions
The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA, versions SAP_BW 730, SAP_BW 731, SAP_BW 740, SAP_BW 750, DW4CORE 100, DW4CORE 200 and DW4CORE 300, may expose unauthorized cell values in the data response. To exploit this, the user still needs authorizations on the query as well as on the key figure/measure level. The missing check only affects the data level.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision: Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-05-24 CVE Reserved
- 2023-07-11 CVE Published
- 2024-07-17 EPSS Updated
- 2024-10-29 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
References (1)
URL | Date | SRC |
---|---|---|
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | 2023-07-19 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sap | Business Warehouse | 730 | - | Affected |
Sap | Business Warehouse | 731 | - | Affected |
Sap | Business Warehouse | 740 | - | Affected |
Sap | Business Warehouse | 750 | - | Affected |
Sap | Bw/4hana | 100 | - | Affected |
Sap | Bw/4hana | 200 | - | Affected |
Sap | Bw/4hana | 300 | - | Affected |