CVE-2023-25616
Last modified
CVE-2023-25616 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lead to code injection vulnerability which could allow an attacker to gain access to resources that are allowed by extra privileges. Successful attack could highly impact the confidentiality, Integrity, and Availability of the system. . EPSS estimates a 0.95% chance of exploitation in the next 30 days.
Description
In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lead to code injection vulnerability which could allow an attacker to gain access to resources that are allowed by extra privileges. Successful attack could highly impact the confidentiality, Integrity, and Availability of the system.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sap | Business Objects Business Intelligence Platform | 420 |
| Sap | Business Objects Business Intelligence Platform | 430 |
References
- https://launchpad.support.sap.com/#/notes/3245526Permissions Required
- https://launchpad.support.sap.com/#/notes/3245526Permissions Required
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-25616?
How severe is CVE-2023-25616?
How do I fix CVE-2023-25616?
Are you affected by CVE-2023-25616?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST