Overview
- Description
- SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting into accessing and modifying data. The attacker can also make the system partially or entirely unavailable.
- Source
- cna@sap.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
- cna@sap.com
- CWE-200
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:420:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38BA0DF9-D893-4AF9-923E-E47EA5C02C52"
},
{
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:430:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "85CBCF48-5478-4EE5-8F69-6E59EFDB707D"
}
],
"operator": "OR"
}
]
}
]