CVE-2023-24530

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

9.1CRITICAL

EPSS

0.6%

top 31.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Businessobjects Business Intelligence Platform (cmc)SAP Businessobjects Business Intelligence Platform

Timeline

PublishedFeb 14

Description

SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, attacker can perform operations that may completely compromise the application causing high impact on confidentiality, integrity and availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:HExploitability: 1.7 | Impact: 6.0

Affected Packages2 packages

▶NVDsap/businessobjects_business_intelligence_platform420, 430+1

▶CVEListV5sap/businessobjects_business_intelligence_platform_(cmc)420, 430+1

🔴Vulnerability Details

CVEList

CVE-2023-24530: SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be↗2023-02-14

▶

GHSA

GHSA-9446-84wg-9cw7: SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be↗2023-02-14

▶