CVE-2023-28764

2023-05-0901:15:08

CWE-522

[email protected]

web.nvd.nist.gov

cve-2023-28764

sap businessobjects

information security

network security

data transmission

cleartext transmission

confidentiality

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.0%

JSON

SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system.

Affected configurations

NVD

Node

sapbusinessobjectsMatch4.20

sapbusinessobjectsMatch4.30

CPENameOperatorVersion
sap:businessobjectssap businessobjectseq4.20
sap:businessobjectssap businessobjectseq4.30

CPE	Name	Operator	Version
sap:businessobjects	sap businessobjects	eq	4.20
sap:businessobjects	sap businessobjects	eq	4.30

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP BusinessObjects Platform",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "420"
      },
      {
        "status": "affected",
        "version": "430"
      }
    ]
  }
]