Vulnerabilities > CVE-2023-37490 - Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430

CVSS 9.0 - CRITICAL

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

sap

critical

NVD

Published: 2023-08-08

Updated: 2024-11-21

Summary

SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious file, an attacker can completely compromise the confidentiality, integrity, and availability of the system

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Businessobjects Business Intelligence 420 SAP Businessobjects Business Intelligence 430	2

References

https://me.sap.com/notes/3317710
https://me.sap.com/notes/3317710
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html