PT-2023-21946 · SAP · SAP BusinessObjects BI Platform

Published: 2023-05-09 · Updated: 2023-05-12 · CVE-2023-28764

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SAP BusinessObjects Platform versions 420, 430

Description

The Information design tool in SAP BusinessObjects Platform transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system.

Recommendations

For versions 420 and 430, consider restricting access to the Information design tool to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the Information design tool for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

CVE-2023-28764

Affected Products

SAP BusinessObjects BI Platform