CVE-2023-28764

Information Disclosure vulnerability in SAP BusinessObjects Platform

CVSS 3.7 LOWEPSS 0.5%CWE-522

Vexday Risk Score

8Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 3.7EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

09 May 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

SAP_SE · SAP BusinessObjects Platform

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://i7p.wdf.sap.corp/sap/support/notes/3302595 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html