CVE-2023-28764

SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system.

CVSS v3 3.7 LOW

3.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://i7p.wdf.sap.corp/sap/support/notes/3302595	Broken Link
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory
https://i7p.wdf.sap.corp/sap/support/notes/3302595	Broken Link
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:businessobjects:4.20:::::::*
	cpe:2.3:a:sap:businessobjects:4.30:::::::*

History

21 Nov 2024, 07:55

Type	Values Removed	Values Added
References	~~() https://i7p.wdf.sap.corp/sap/support/notes/3302595 - Broken Link~~	() https://i7p.wdf.sap.corp/sap/support/notes/3302595 - Broken Link
References	~~() https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory~~	() https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~5.9~~	v2 : unknown v3 : 3.7

Information

Published : 2023-05-09 01:15

Updated : 2024-11-21 07:55

NVD link : CVE-2023-28764

Mitre link : CVE-2023-28764

CVE.ORG link : CVE-2023-28764

JSON object : View

Products Affected

sap

businessobjects

CWE

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2023-28764", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2023-05-09T01:15:08.863", "references": [{"url": "https://i7p.wdf.sap.corp/sap/support/notes/3302595", "tags": ["Broken Link"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://i7p.wdf.sap.corp/sap/support/notes/3302595", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system.\n\n"}], "lastModified": "2024-11-21T07:55:57.583", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:businessobjects:4.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B943822-5002-4FA8-81C1-2174B519E060"}, {"criteria": "cpe:2.3:a:sap:businessobjects:4.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACFEFCB6-E0BF-4D9A-837C-1FF8635EA3FB"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}