← Zuruck zu CVEs
CVE-2023-28762
CRITICAL9.1
Beschreibung
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting into accessing and modifying data. The attacker can also make the system partially or entirely unavailable.
CVE Details
CVSS v3.1 Bewertung9.1
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienHIGH
BenutzerinteraktionNONE
Veroffentlicht5/9/2023
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
sap:businessobjects_business_intelligence
Schwachen (CWE)
CWE-200
Referenzen
https://launchpad.support.sap.com/#/notes/3307833(cna@sap.com)
https://launchpad.support.sap.com/#/notes/3307833(af854a3a-2127-422b-91ae-364da2661108)
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.