CVE-2023-28762

CVSS V2 None CVSS V3 None

Description

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting into accessing and modifying data. The attacker can also make the system partially or entirely unavailable.

Overview

CVE ID
CVE-2023-28762

Assigner
cna@sap.com

Vulnerability Status
Received

Published Version
2023-05-09T01:15:08

Last Modified Date
2023-05-09T01:15:08

Weakness Enumerations

CWE	URL
CWE-200	http://cwe.mitre.org/data/definitions/200.html

References

Reference URL	Reference Tags
https://i7p.wdf.sap.corp/sap/support/notes/3307833
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-28762
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28762

History

Created	Old Value	New Value	Data Type	Notes
2023-05-09 02:00:30				Added to TrackCVE
2023-05-09 02:00:31			Weakness Enumeration	new