Lucene search
SapCVELIST:CVE-2023-27271HistoryMar 14, 2023 - 5:01 a.m.
CVE-2023-27271 Server Side Request Forgery (SSRF) in the SAP BusinessObjects Business Intelligence platform
2023-03-1405:01:07
CWE-918
sap
www.cve.org
4
cve-2023-27271
server side request forgery
web services
sap businessobjects
business intelligence platform
admintools
availability impact
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
41.3%
InΒ SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools, leading to a high impact on availability.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "BusinessObjects Business Intelligence Platform (Web Services)",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "420"
},
{
"status": "affected",
"version": "430"
}
]
}
]Related
prion
prion
Code injection
2023-03-14 06:15:00
nvd
nvd
CVE-2023-27271
2023-03-14 06:15:11
cve
cve
CVE-2023-27271
2023-03-14 06:15:11
nessus
nessus
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
41.3%
Related for CVELIST:CVE-2023-27271