CVE-2023-25616
CRITICAL
SAP Business Objects Business Intelligence Platform 420, 430 - Code Injection via Program Object Execution
Title source: llm
Description
In some scenarios, Program Object execution in SAP Business Objects Business Intelligence Platform (CMC), versions 420 and 430, can lead to a code injection vulnerability that could allow an attacker to gain access to resources that are allowed by extra privileges. A successful attack could highly impact the confidentiality, integrity, and availability of the system.
References (2)
Core References
Permissions Required
https://launchpad.support.sap.com/#/notes/3245526
Scores
CVSS v3
9.9
EPSS
0.0064
EPSS Percentile
70.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-74
Status
published
Products (2)
sap/business_objects_business_intelligence_platform
420
sap/business_objects_business_intelligence_platform
430
Published
Mar 14, 2023
Tracked Since
Feb 18, 2026