CVE-2023-28764

CWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
5.9MEDIUM
EPSS
0.4%
top 40.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Businessobjects PlatformSAP Businessobjects
Timeline
PublishedMay 9

Description

SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

NVDsap/businessobjects4.20, 4.30+1

🔴Vulnerability Details

2
CVEList
Information Disclosure vulnerability in SAP BusinessObjects Platform2023-05-09
GHSA
GHSA-33w9-vc3g-2mjp: SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the networ2023-05-09
CVE-2023-28764 (MEDIUM CVSS 5.9) | SAP BusinessObjects Platform - vers | cvebase.io