CVE-2023-28762: Information Disclosure in SAP BusinessObjects Intelligence Platform

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-28762

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Information Disclosure in SAP BusinessObjects Intelligence Platform

Source: NVD (National Vulnerability Database)

Vulnerability Description

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting into accessing and modifying data. The attacker can also make the system partially or entirely unavailable.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

信息暴露

Source: NVD (National Vulnerability Database)

Vulnerability Title

SAP BusinessObjects Business Intelligence Platform 信息泄露漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

SAP BusinessObjects Business Intelligence Platform是德国思爱普（SAP）公司的一款完备的商务分析平台。该平台集市场领先的 SAP 数据整合产品、数据管理产品和商务智能 (BI) 产品于一身，可消除系统集成难题，快速、轻松地部署高性能的商务分析软件。 SAP BusinessObjects Business Intelligence Platform 420版本、430版本存在信息泄露漏洞。攻击者利用该漏洞可以冒充平台上的任何用户，从而访问和修改数据。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
SAP_SE	SAP BusinessObjects Intelligence Platform	420	-

II. Public POCs for CVE-2023-28762

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-28762

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same vendor: SAP_SE

Same weakness: CWE-200

V. Comments for CVE-2023-28762

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2023-28762

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-28762

III. Intelligence Information for CVE-2023-28762

IV. Related Vulnerabilities

V. Comments for CVE-2023-28762

Leave a comment