CVE-2023-25617
CVSS V2 None
CVSS V3 None
Description
SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the public java SDK. Programs could impact the confidentiality, integrity and availability of the system.
Overview
- CVE ID
- CVE-2023-25617
- Assigner
- cna@sap.com
- Vulnerability Status
- Modified
- Published Version
- 2023-03-14T05:15:29
- Last Modified Date
- 2023-04-11T22:15:08
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:sap:business_objects_business_intelligence_platform:420:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:sap:business_objects_business_intelligence_platform:430:*:*:*:*:*:*:* | 1 | OR |
References
| Reference URL | Reference Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/3283438 | Permissions Required |
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-25617 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25617 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 06:23:06 | Added to TrackCVE | |||
| 2023-04-17 06:23:08 | Weakness Enumeration | new |