SAP BusinessObjects CMC allows an unauthenticated malicious user to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successful exploitation, the attacker can completely compromise the application.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sap businessobjects business intelligence platform 420 |
||
sap businessobjects business intelligence platform 430 |