CVE-2023-28762

Name of the Vulnerable Software and Affected Versions SAP BusinessObjects Business Intelligence Platform versions 420, 430

Description The issue allows an authenticated attacker with administrator privileges to obtain the login token of any logged-in BI user over the network without any user interaction. This enables the attacker to impersonate any user on the platform, resulting in access and modification of data. Additionally, the attacker can make the system partially or entirely unavailable.

Recommendations For SAP BusinessObjects Business Intelligence Platform versions 420, 430, consider restricting administrator privileges to minimize the risk of exploitation. As a temporary workaround, limit the access to the platform's network to prevent unauthorized token acquisition. At the moment, there is no information about a newer version that contains a fix for this vulnerability.