CVE Vulnerabilities

CVE-2023-28762

Published: May 09, 2023 | Modified: May 12, 2023
CVSS 3.x
7.2
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting into accessing and modifying data. The attacker can also make the system partially or entirely unavailable.

Affected Software

Name Vendor Start Version End Version
Businessobjects_business_intelligence Sap 420 (including) 420 (including)
Businessobjects_business_intelligence Sap 430 (including) 430 (including)

References