Vulnerabilities > CVE-2023-25617 - Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

sap

NVD

Published: 2023-03-14

Updated: 2024-11-21

Summary

SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the public java SDK. Programs could impact the confidentiality, integrity and availability of the system.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Business Objects Business Intelligence Platform 430 SAP Business Objects Business Intelligence Platform 420	2

References

https://launchpad.support.sap.com/#/notes/3283438
https://launchpad.support.sap.com/#/notes/3283438
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html