CVE-2023-25616: Injection in SAP Business Objects Business Intelligence Platform

CWE-74: Injection
3 documents, 3 sources

Severity: 8.8 HIGH (NVD), 9.9 (CNA)
EPSS: 0.6% (top 29.48%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Mar 14

Description

In some scenarios, Program Object execution in SAP Business Objects Business Intelligence Platform (CMC), versions 420 and 430, can lead to a code injection vulnerability that could allow an attacker to gain access to resources that are allowed by extra privileges. A successful attack could highly impact the confidentiality, integrity, and availability of the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

🔴Vulnerability Details

2 entries

CVEList (2023-03-14): Code Injection vulnerability in SAP Business Objects Business Intelligence Platform (CMC)
GHSA (2023-03-14): GHSA-xgfr-99g3-7x24: In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lead to code injection v