CVE-2023-28764

SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://i7p.wdf.sap.corp/sap/support/notes/3302595	Broken Link
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:businessobjects:4.20:::::::*
	cpe:2.3:a:sap:businessobjects:4.30:::::::*

History

No history.

Information

Published : 2023-05-09 01:15

Updated : 2024-02-28 20:13

NVD link : CVE-2023-28764

Mitre link : CVE-2023-28764

CVE.ORG link : CVE-2023-28764

JSON object : View

Products Affected

sap

businessobjects

CWE

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2023-28764", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}, {"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}]}, "published": "2023-05-09T01:15:08.863", "references": [{"url": "https://i7p.wdf.sap.corp/sap/support/notes/3302595", "tags": ["Broken Link"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system.\n\n"}], "lastModified": "2023-05-12T20:44:32.040", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:businessobjects:4.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B943822-5002-4FA8-81C1-2174B519E060"}, {"criteria": "cpe:2.3:a:sap:businessobjects:4.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACFEFCB6-E0BF-4D9A-837C-1FF8635EA3FB"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}