MEDIUM🇵🇱 Wersja polska

CVE-2023-40623

CVSS 6.2v3.1pub. 2023-09-12upd. 2024-11-21

SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited impact on integrity and completely compromising the availability of the system.

CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:H
  • Sap Businessobjects

    APP
    Sap
    420430
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-0259CRITICAL9.8ten sam produkt

SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (includin...

CVE-2022-28214HIGH7.8ten sam produkt

During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authe...

CVE-2019-0287HIGH7.6ten sam produkt

Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versi...

CVE-2019-0289HIGH7.1ten sam produkt

Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 ...

CVE-2018-2408HIGH7.3ten sam produkt

Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorifi...