Rewterz

Rewterz Threat Advisory –CVE-2023-27267 – SAP Diagnostics Agent Vulnerability

April 12, 2023
Rewterz

Rewterz Threat Advisory – CVE-2023-29186 – SAP NetWeaver Vulnerability

April 12, 2023

Rewterz Threat Advisory – CVE-2023-28765 – SAP BusinessObjects Business Intelligence Platform Vulnerability

Severity

High

Analysis Summary

CVE-2023-28765

SAP BusinessObjects Business Intelligence Platform could allow a remote attacker to obtain sensitive information, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain passwords information, and use this information to launch further attacks against the affected system.

Impact

  • Information Disclosure

Indicators Of Compromise

CVE

  • CVE-2023-2876

Affected Vendors

SAP

Affected Products

  • SAP BusinessObjects Business Intelligence Platform 420
  • SAP BusinessObjects Business Intelligence Platform 430

Remediation

Current SAP customers should refer to SAP Security Advisory for patch information, available from the SAP Website (login required).

SAP Website

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.