CVE-2023-28764 LOW

CVE-2023-28764: Information Disclosure vulnerability in SAP BusinessObjects Platform

Vendor Sap_Se
Product SAP BusinessObjects Platform
Weakness CWE-522 · Insufficiently protected credentials
Published May 9, 2023
Last update January 28, 2025

CVSS base score

3.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system.

Key dates

02Disclosure timeline

May 9, 2023 CVE published
January 28, 2025 Record updated