CVE-2023-28762 — Sensitive Information Exposure in SE SAP Businessobjects Intelligence Platform

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

7.2HIGHNVD

CNA9.1

EPSS

0.2%

top 56.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Businessobjects Intelligence Platform SAP Businessobjects Business Intelligence

Timeline

PublishedMay 9

Description

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting into accessing and modifying data. The attacker can also make the system partially or entirely unavailable.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5sap_se/sap_businessobjects_intelligence_platform420, 430+1

▶NVDsap/businessobjects_business_intelligence420, 430+1

🔴Vulnerability Details

CVEList

Information Disclosure in SAP BusinessObjects Intelligence Platform↗2023-05-09

▶

GHSA

GHSA-gxjj-x2hp-4vcx: SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the logi↗2023-05-09

▶