Lucene search

[email protected]NVD:CVE-2023-24530

HistoryFeb 14, 2023 - 4:15 a.m.

CVE-2023-24530

2023-02-1404:15:13

CWE-434

[email protected]

web.nvd.nist.gov

sap

businessobjects

admin

upload

malicious code

remote execution

confidentiality

integrity

availability

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.3%

JSON

SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, attacker can perform operations that may completely compromise the application causing high impact on confidentiality, integrity and availability of the application.

Affected configurations

NVD

Node

sapbusinessobjects_business_intelligence_platformMatch420

sapbusinessobjects_business_intelligence_platformMatch430

References

launchpad.support.sap.com/#/notes/3256787

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.3%

JSON

Related for NVD:CVE-2023-24530

cve1 nessus1 cvelist1 prion1