RCE in SAP BusinessObjects Business Intelligence Platform
CVE-2023-0022
SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform ope…
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.007 (50.1th percentile)
CVSS v3 metric
CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.
Affected products
- SAP BusinessObjects Business Intelligence Platform — versions 420, 430
- SAP BusinessObjects Business Intelligence Platform (Analysis edition for OLAP) — versions 420, 430
Weakness classification (CWE)
References
- cna@sap.com (Permissions Required, Vendor Advisory)
- cna@sap.com (Vendor Advisory)
Frequently asked questions
- What is CVE-2023-0022?
- CVE-2023-0022 is a critical-severity vulnerability in SAP BusinessObjects Business Intelligence Platform, classified under Code Injection. CVSS score: 9.9/10. Published 2023-01-10.
- How severe is CVE-2023-0022?
- Critical severity. CVSS v3 base score is 9.9 out of 10.