NVD:CVE-2023-42472
Sep 12, 2023 - 2:15 a.m.

CVE-2023-42472

2023-09-12 02:15:13
CWE-434
web.nvd.nist.gov
insufficient file validation
sap businessobjects
business intelligence platform
file upload
network vulnerability
confidentiality impact
integrity impact

CVSS3: 7.3 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

AI Score: 8.3 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 19.6%)

Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), version 420, allows a report creator to upload files from the local system into the report over the network. When uploading the image file, an authenticated attacker could intercept the request and modify the content type and the extension to read and modify sensitive data, causing a high impact on the confidentiality and integrity of the application.

Affected configurations

NVD
Node
sap businessobjects_business_intelligence_platform, Match: 420
