SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting into accessing and modifying data. The attacker can also make the system partially or entirely unavailable.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/3307833 | Permissions Required |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2023-05-09T00:53:27.588Z
Updated: 2023-05-09T20:42:10.334Z
Reserved: 2023-03-23T04:20:27.699Z
Link: CVE-2023-28762
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-05-09T01:15:08.777
Modified: 2023-05-12T20:45:12.103
Link: CVE-2023-28762
JSON object: View
Redhat Information
No data.