Lucene search

SapCVELIST:CVE-2023-28764

HistoryMay 09, 2023 - 12:55 a.m.

CVE-2023-28764 Information Disclosure vulnerability in SAP BusinessObjects Platform

2023-05-0900:55:04

CWE-522

sap

www.cve.org

sap businessobjects

information disclosure

vulnerability

cleartext transmission

user credentials

domain names

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.1%

JSON

SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP BusinessObjects Platform",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "420"
      },
      {
        "status": "affected",
        "version": "430"
      }
    ]
  }
]

References

i7p.wdf.sap.corp/sap/support/notes/3302595

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.1%

JSON

Related for CVELIST:CVE-2023-28764