Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.SAP_BUSINESS_OBJECTS_BIP_CVE-2023-28765.NASLHistoryApr 12, 2023 - 12:00 a.m.
SAP BusinessObjects Business Intelligence Platform < 420, 430 Information Disclosure (3298961)
2023-04-1200:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
sap
information disclosure
vulnerability
promotion management
lcmbiar file
windows host
privileges
nessus
bi platform
0.002 Low
EPSS
Percentile
56.8%
The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is prior to 420, 430. It is, therefore, affected by an information disclosure vulnerability. An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to lcmbiar file and further decrypt the file. After this attacker can gain access to BI user’s passwords and depending on the privileges of the BI user, the attacker can perform operations that can completely compromise the application.
Note that Nessus has not attempted to exploit these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(174174);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/14");
script_cve_id("CVE-2023-28765");
script_xref(name:"IAVA", value:"2023-A-0192");
script_name(english:"SAP BusinessObjects Business Intelligence Platform < 420, 430 Information Disclosure (3298961)");
script_set_attribute(attribute:"synopsis", value:
"SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is affected by an information disclosure vulnerability");
script_set_attribute(attribute:"description", value:
"The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is prior to
420, 430. It is, therefore, affected by an information disclosure vulnerability. An attacker with basic privileges in
SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to
lcmbiar file and further decrypt the file. After this attacker can gain access to BI user's passwords and depending on
the privileges of the BI user, the attacker can perform operations that can completely compromise the application.
Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's
self-reported version number.");
# https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?18f404d5");
script_set_attribute(attribute:"see_also", value:"https://launchpad.support.sap.com/#/notes/3298961");
script_set_attribute(attribute:"solution", value:
"See vendor advisories.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-28765");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/04/11");
script_set_attribute(attribute:"patch_publication_date", value:"2023/04/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/12");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:sap:businessobjects_business_intelligence_platform");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("sap_business_objects_intelligence_platform_win_installed.nbin");
script_require_keys("installed_sw/SAP BusinessObjects Business Intelligence Platform", "SMB/Registry/Enumerated");
exit(0);
}
include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
var app_info = vcf::get_app_info(app:'SAP BusinessObjects Business Intelligence Platform', win_local:TRUE);
# https://launchpad.support.sap.com/#/notes/0001602088 for translations
# Advisory shows 4.2 SP009 001400 but there is no info for it in the above link, using 4.2 SP009 001300 instead
# Advisory shows SP004 but there is no info for SP004 in the above link
var constraints = [
{ 'min_version': '14.2', 'fixed_version' : '14.2.9.4527', 'fixed_display': '4.2 SP009 001300'},
{ 'min_version': '14.3', 'fixed_version' : '14.3.2.4121', 'fixed_display': '4.3 SP002 000100'},
{ 'min_version': '14.3.3', 'fixed_version' : '14.3.3.4548', 'fixed_display': '4.3 SP003 000200'}
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE
);| Vendor | Product | Version | CPE |
|---|---|---|---|
| sap | businessobjects_business_intelligence_platform | cpe:/a:sap:businessobjects_business_intelligence_platform |
Related
cve
cve
CVE-2023-28765
2023-04-11 03:15:07
cnvd
cnvd
prion
prion
Code injection
2023-04-11 03:15:00
cvelist
cvelist
nvd
nvd
CVE-2023-28765
2023-04-11 03:15:07