SapCVE-2023-0022CVE-2023-0022
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
44.2%
SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application causing a high impact on the confidentiality, integrity, and availability of the application.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sap | businessobjects_business_intelligence_platform | 420 | cpe:2.3:a:sap:businessobjects_business_intelligence_platform:420:*:*:*:analysis:olap:*:* |
| sap | businessobjects_business_intelligence_platform | 430 | cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430:*:*:*:analysis:olap:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"packageName": "SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP)",
"product": "BusinessObjects Business Intelligence platform (Analysis edition for OLAP)",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "420"
},
{
"status": "affected",
"version": "430"
}
]
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
44.2%