CVE-2023-36917

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 11, 2023

Updated: Jul 18, 2023

CWE ID 307

Summary

CVE-2023-36917 is a vulnerability affecting the SAP BusinessObjects Business Intelligence Platform, specifically versions 420 and 430. An attacker who manages to hijack a user session can bypass the victim's old password through brute force, due to unlimited password change rate limits. Although this vulnerability does not lead to system availability issues or data integrity loss, it can result in the attacker taking over the victim's account entirely.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SAP Business Objects Business Intelligence

Affected Vendors

SAP SE

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r8yGPO
https://www.cve.org/CVERecord?id=CVE-2023-36917
https://nvd.nist.gov/vuln/detail/CVE-2023-36917

Back to Vulnerability Database