Detections
Analytics
SAP BusinessObjects Business Intelligence Platform Information Disclosure (3302595)
medium Nessus Plugin ID 176209
Language:
Synopsis
The SAP business intelligence product installed on the remote Windows host is affected by information disclosure vulnerabilityDescription
The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is affected by a information disclosure vulnerability. SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system.Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
Solution
See vendor advisory.See Also
Plugin Details
Severity: Medium
ID: 176209
File Name: sap_business_objects_bip_may_23_3302595.nasl
Version: 1.1
Type: local
Agent: windows
Family: Windows
Published: 5/22/2023
Updated: 5/23/2023
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 5.4
Temporal Score: 4
Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:N/A:N
CVSS Score Source: CVE-2023-28764
CVSS v3
Risk Factor: Medium
Base Score: 5.9
Temporal Score: 5.2
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:sap:businessobjects_business_intelligence_platform
Required KB Items: SMB/Registry/Enumerated, installed_sw/SAP BusinessObjects Business Intelligence Platform
Exploit Ease: No known exploits are available
Patch Publication Date: 5/8/2022
Vulnerability Publication Date: 5/8/2022
Reference Information
CVE: CVE-2023-28764
IAVA: 2023-A-0241