CVE-2023-28765

Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management )

CVSS 9.8 CRITICALEPSS 14.9%CWE-200

In short

An attacker with basic access to SAP BusinessObjects BI Platform can steal encrypted files and decrypt them to obtain user passwords, potentially taking full control of the system depending on the compromised user's permissions.

Technical detail

CWE-200 information disclosure vulnerability in SAP BusinessObjects BI Platform Promotion Management (versions 420, 430) allows low-privileged attackers to access and decrypt lcmbiar files containing BI user credentials. Successful exploitation enables lateral movement and privilege escalation based on compromised user roles, potentially leading to complete application compromise.

Summary generated and translated by AI from the official description.

An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to lcmbiar file and further decrypt the file. After this attacker can gain access to BI user’s passwords and depending on the privileges of the BI user, the attacker can perform operations that can completely compromise the application.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

SAP · BusinessObjects Business Intelligence Platform (Promotion Management)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://launchpad.support.sap.com/#/notes/3298961 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html