9
CVE-2023-37490
- EPSS 0.24%
- Veröffentlicht 08.08.2023 01:15:18
- Zuletzt bearbeitet 21.11.2024 08:11:49
- Quelle cna@sap.com
- CVE-Watchlists
- Unerledigt
Binary hijack in SAP BusinessObjects Business Intelligence (Installer)
SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious file, an attacker can completely compromise the confidentiality, integrity, and availability of the system
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Businessobjects Business Intelligence Version420
SAP ≫ Businessobjects Business Intelligence Version430
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.15 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9 | 2.3 | 6 |
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
| cna@sap.com | 7.6 | 0.9 | 6 |
CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
|
CWE-427 Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://me.sap.com/notes/3317710