Lucene search

[email protected]NVD:CVE-2023-36922

HistoryJul 11, 2023 - 3:15 a.m.

CVE-2023-36922

2023-07-1103:15:10

CWE-78

[email protected]

web.nvd.nist.gov

cve-2023-36922

programming error

function module

report

authenticated attacker

operating system command injection

unprotected parameter

data manipulation

system shutdown

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.7%

JSON

Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension. On successful exploitation, the attacker can read or modify the system data as well as shut down the system.

Affected configurations

NVD

Node

sapnetweaverMatch600

sapnetweaverMatch602

sapnetweaverMatch603

sapnetweaverMatch604

sapnetweaverMatch605

sapnetweaverMatch606

sapnetweaverMatch617

sapnetweaverMatch618

sapnetweaverMatch800

sapnetweaverMatch802

sapnetweaverMatch803

sapnetweaverMatch804

sapnetweaverMatch805

sapnetweaverMatch806

sapnetweaverMatch807

References

me.sap.com/notes/3350297

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.7%

JSON

Related for NVD:CVE-2023-36922

cvelist1 prion1 cve1