CRITICAL🇬🇧 English

CVE-2023-28765

CVSS 9.8v3.1pub. 2023-04-11upd. 2024-11-21

An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to lcmbiar file and further decrypt the file. After this attacker can gain access to BI user’s passwords and depending on the privileges of the BI user, the attacker can perform operations that can completely compromise the application.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Sap Businessobjects Business Intelligence

    APP
    Sap
    420430
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-40622CRITICAL9.9ten sam produkt

SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain c...

CVE-2023-28762CRITICAL9.1ten sam produkt

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with ...

CVE-2018-2445CRITICAL9.6ten sam produkt

AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate t...

CVE-2025-23192HIGH8.2ten sam produkt

SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store...

CVE-2024-37179HIGH7.7ten sam produkt

SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted re...