CVE-2023-28762

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting into accessing and modifying data. The attacker can also make the system partially or entirely unavailable.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:businessobjects_business_intelligence:420:*:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence:430:*:*:*:*:*:*:*

History

12 May 2023, 20:45

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.2
References (MISC) https://launchpad.support.sap.com/#/notes/3307833 - (MISC) https://launchpad.support.sap.com/#/notes/3307833 - Permissions Required
References (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory
CPE cpe:2.3:a:sap:businessobjects_business_intelligence:420:*:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence:430:*:*:*:*:*:*:*
CWE CWE-200 NVD-CWE-noinfo

09 May 2023, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-09 01:15

Updated : 2024-02-04 23:37


NVD link : CVE-2023-28762

Mitre link : CVE-2023-28762

CVE.ORG link : CVE-2023-28762


JSON object : View

Products Affected

sap

  • businessobjects_business_intelligence
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor