CVE-2021-33667

Summary

Under certain conditions, SAP Business Objects Web Intelligence (BI Launchpad) versions - 420, 430, allows an attacker to access jsp source code, through SDK calls, of Analytical Reporting bundle, a part of the frontend application, which would otherwise be restricted.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Business Objects Web Intelligence (BI Launchpad)< 420affected
SAP SESAP Business Objects Web Intelligence (BI Launchpad)< 430affected

Weaknesses

  • Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

References