CVE-2023-36917
Summary
| CVE | CVE-2023-36917 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-07-11 03:15:00 UTC |
| Updated | 2023-07-18 17:01:00 UTC |
| Description | SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user session, to be able to bypass the victim’s old password via brute force, due to unrestricted rate limit for password change functionality. Although the attack has no impact on integrity loss or system availability, this could lead to an attacker to completely takeover a victim’s account. |
Risk And Classification
Problem Types: CWE-307
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sap | Businessobjects Business Intelligence | 420 | All | All | All |
| Application | Sap | Businessobjects Business Intelligence | 430 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| me.sap.com/notes/3320702 | MISC | me.sap.com | |
| Access Denied | MISC | www.sap.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.