CVE-2023-0022

2023-01-1004:15:10

CWE-94

[email protected]

web.nvd.nist.gov

sap

businessobjects

business intelligence

analysis edition

olap

code injection

vulnerability

nvd

cve-2023-0022

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.0%

JSON

SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application causing a high impact on the confidentiality, integrity, and availability of the application.

Affected configurations

NVD

Node

sapbusinessobjects_business_intelligence_platformMatch420analysisolap

sapbusinessobjects_business_intelligence_platformMatch430analysisolap

CPENameOperatorVersion
sap:businessobjects_business_intelligence_platformsap businessobjects business intelligence platformeq420
sap:businessobjects_business_intelligence_platformsap businessobjects business intelligence platformeq430

CPE	Name	Operator	Version
sap:businessobjects_business_intelligence_platform	sap businessobjects business intelligence platform	eq	420
sap:businessobjects_business_intelligence_platform	sap businessobjects business intelligence platform	eq	430

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP)",
    "product": "BusinessObjects Business Intelligence platform (Analysis edition for OLAP)",
    "vendor": "SAP",
    "versions": [
      {
        "status": "affected",
        "version": "420"
      },
      {
        "status": "affected",
        "version": "430"
      }
    ]
  }
]