CVE-2023-27271

CWE-918 — Server-Side Request Forgery (SSRF)3 documents3 sources

Severity

7.5HIGH

EPSS

0.3%

top 42.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Businessobjects Business Intelligence Platform (web Services)SAP Businessobjects Business Intelligence Platform

Timeline

PublishedMar 14

Description

In SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools, leading to a high impact on availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5sap/businessobjects_business_intelligence_platform_(web_services)420, 430+1

▶NVDsap/businessobjects_business_intelligence_platform420, 430+1

🔴Vulnerability Details

GHSA

GHSA-vh2w-9ggj-ccrm: In SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, an attacker can control a malicious BOE server, forcing the↗2023-03-14

▶

CVEList

Server Side Request Forgery (SSRF) in the SAP BusinessObjects Business Intelligence platform↗2023-03-14

▶