Lucene search

[email protected]NVD:CVE-2023-40623

HistorySep 12, 2023 - 3:15 a.m.

CVE-2023-40623

2023-09-1203:15:13

CWE-1386

[email protected]

web.nvd.nist.gov

cve-2023-40623

directory manipulation

operating system compromise

network attacker

system availability

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

32.4%

JSON

SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited impact on integrity and completely compromising the availability of the system.

Affected configurations

Nvd

Node

sapbusinessobjectsMatch420-

sapbusinessobjectsMatch430-

VendorProductVersionCPE
sapbusinessobjects420cpe:2.3:a:sap:businessobjects:420:*:*:*:-:*:*:*
sapbusinessobjects430cpe:2.3:a:sap:businessobjects:430:*:*:*:-:*:*:*

Vendor	Product	Version	CPE
sap	businessobjects	420	cpe:2.3:a:sap:businessobjects:420::::-:::
sap	businessobjects	430	cpe:2.3:a:sap:businessobjects:430::::-:::

References

me.sap.com/notes/3317702

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

32.4%

JSON

Related for NVD:CVE-2023-40623

prion1 cvelist1 vulnrichment1 cve1