Vulnerabilities > CVE-2023-28762 - Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

sap

NVD

Published: 2023-05-09

Updated: 2023-05-12

Summary

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting into accessing and modifying data. The attacker can also make the system partially or entirely unavailable.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Businessobjects Business Intelligence 420 SAP Businessobjects Business Intelligence 430	2

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://launchpad.support.sap.com/#/notes/3307833