SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting into accessing and modifying data. The attacker can also make the system partially or entirely unavailable.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published: 2023-05-09T00:53:27.588Z

Updated: 2024-08-02T13:51:37.301Z

Reserved: 2023-03-23T04:20:27.699Z

Link: CVE-2023-28762

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-05-09T01:15:08.777

Modified: 2024-11-21T07:55:57.293

Link: CVE-2023-28762

cve-icon Redhat

No data.