CVE-2023-0016

2023-01-1004:15:09

CWE-89

[email protected]

web.nvd.nist.gov

sap

bpc

sql injection

vulnerability

database access

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

36.9%

JSON

SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. The exploitation of this issue could lead to SQL injection vulnerability and could allow an attacker to access, modify, and/or delete data from the backend database.

Affected configurations

Nvd

Node

sapbusiness_planning_and_consolidationMatch800microsoft

sapbusiness_planning_and_consolidationMatch810microsoft

VendorProductVersionCPE
sapbusiness_planning_and_consolidation800cpe:2.3:a:sap:business_planning_and_consolidation:800:*:*:*:*:microsoft:*:*
sapbusiness_planning_and_consolidation810cpe:2.3:a:sap:business_planning_and_consolidation:810:*:*:*:*:microsoft:*:*

Vendor	Product	Version	CPE
sap	business_planning_and_consolidation	800	cpe:2.3:a:sap:business_planning_and_consolidation:800:::::microsoft::
sap	business_planning_and_consolidation	810	cpe:2.3:a:sap:business_planning_and_consolidation:810:::::microsoft::