Unrated severityNVD Advisory· Published May 9, 2023· Updated Jan 28, 2025
Information Disclosure in SAP BusinessObjects Intelligence Platform
CVE-2023-28762
Description
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting into accessing and modifying data. The attacker can also make the system partially or entirely unavailable.
Affected products
2420, 430+ 1 more
- (no CPE)range: 420, 430
- (no CPE)range: 420
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.