CVE-2023-36922

CVSS V2 None CVSS V3 None
Description
Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension.  On successful exploitation, the attacker can read or modify the system data as well as shut down the system.
Overview
  • CVE ID
  • CVE-2023-36922
  • Assigner
  • sap
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2023-07-11T02:56:55.299Z
  • Last Modified Date
  • 2023-12-09T16:39:50.007Z
History
Created Old Value New Value Data Type Notes
2024-06-25 17:00:49 Added to TrackCVE