CVE-2023-28764: Information Disclosure vulnerability in SAP BusinessObjects Platform
First published: Tue May 09 2023(Updated: )
SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP BusinessObjects | =4.20 | |
| SAP BusinessObjects | =4.30 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-28764?
CVE-2023-28764 is a vulnerability in SAP BusinessObjects Platform versions 4.20 and 4.30.
What is the severity of CVE-2023-28764?
CVE-2023-28764 has a severity rating of medium.
How does CVE-2023-28764 impact SAP BusinessObjects Platform?
CVE-2023-28764 allows an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names.
Which versions of SAP BusinessObjects Platform are affected by CVE-2023-28764?
CVE-2023-28764 affects versions 4.20 and 4.30 of SAP BusinessObjects Platform.
How can I fix CVE-2023-28764?
To fix CVE-2023-28764, it is recommended to apply the necessary patches or updates provided by SAP BusinessObjects Platform.
- collector/nvd-latest
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/title
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- vendor/sap
- canonical/sap businessobjects
- version/sap businessobjects/4.20
- version/sap businessobjects/4.30