CVE-2023-36917
CVE-2023-36917 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. SAP BusinessObjects Business Intelligence Platform, versions 420 and 430, allows an unauthorized attacker who has hijacked a user session to bypass the victim's old password via brute force, because the password change functionality has no rate limit. Although the attack has no impact on integrity or system availability, it could allow an attacker to completely take over the victim's account. EPSS estimates a 0.49% chance of exploitation in the next 30 days.
Description
SAP BusinessObjects Business Intelligence Platform, versions 420 and 430, allows an unauthorized attacker who has hijacked a user session to bypass the victim's old password via brute force, because the password change functionality has no rate limit. Although the attack has no impact on integrity or system availability, it could allow an attacker to completely take over the victim's account.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| SAP | BusinessObjects Business Intelligence | 420 |
| SAP | BusinessObjects Business Intelligence | 430 |
References
- https://me.sap.com/notes/3320702 (Permissions Required)
Frequently Asked Questions
What is CVE-2023-36917?
A missing rate limit on the password change functionality of SAP BusinessObjects Business Intelligence Platform (versions 420 and 430), which lets an attacker who has already hijacked a user session brute-force the victim's old password and take over the account.
How severe is CVE-2023-36917?
It is rated high severity, CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N); EPSS estimates a 0.49% chance of exploitation in the next 30 days.
How do I fix CVE-2023-36917?
Apply the fix described in SAP Note 3320702 (https://me.sap.com/notes/3320702, SAP account required).
Source: NVD / NIST
