9.9
CVE-2023-0022
- EPSS 0.85%
- Veröffentlicht 10.01.2023 04:15:10
- Zuletzt bearbeitet 21.11.2024 07:36:24
- Quelle cna@sap.com
- CVE-Watchlists
- Unerledigt
LoginCode Injection vulnerability in SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP)
SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application causing a high impact on the confidentiality, integrity, and availability of the application.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Businessobjects Business Intelligence Platform Version420 SwEditionanalysis SwPlatformolap
SAP ≫ Businessobjects Business Intelligence Platform Version430 SwEditionanalysis SwPlatformolap
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.85% | 0.744 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| cna@sap.com | 9.9 | 3.1 | 6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.