CVE-2023-28762

CVSS v3 Score
7.2
High

Vulnerability Description

SAP BusinessObjects Business Intelligence Platform, versions 420 and 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform, resulting in access to and modification of data. The attacker can also make the system partially or entirely unavailable.

CVSS:7.2(High)

Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file.

CVSS:7.2(High)

An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allows an admin user with super_admin privileges to view the current SSL VPN web porta...

CVSS:7.2(High)

The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an Information Exposure Through Log Files vulnerability in the login form and change password form that can result in User's p...

CVSS:7.2(High)

ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A H...

CVSS:7.2(High)

An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code.

CVSS:7.2(High)

app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated adm...