cvedb.io
CVE-2023-28762
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2023-05-09T01:15:08.777 · Last modified 2026-06-17T05:48:42.847

Summary

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting into accessing and modifying data. The attacker can also make the system partially or entirely unavailable.

Affected products

sap — businessobjects_business_intelligence

Does this affect you?

Add your gear to cvedb and we'll alert you only when sap ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.