Lucene search
SapCVELIST:CVE-2023-27271HistoryMar 14, 2023 - 5:01 a.m.
CVE-2023-27271 Server Side Request Forgery (SSRF) in the SAP BusinessObjects Business Intelligence platform
2023-03-1405:01:07
CWE-918
sap
www.cve.org
cve-2023-27271
server side request forgery
web services
sap businessobjects
business intelligence platform
admintools
availability impact
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
38.1%
InΒ SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools, leading to a high impact on availability.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "BusinessObjects Business Intelligence Platform (Web Services)",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "420"
},
{
"status": "affected",
"version": "430"
}
]
}
]Related
cve
cve
CVE-2023-27271
2023-03-14 06:15:11
prion
prion
Code injection
2023-03-14 06:15:00
nvd
nvd
CVE-2023-27271
2023-03-14 06:15:11
nessus
nessus
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
38.1%
Related for CVELIST:CVE-2023-27271