Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-0022— Code Injection vulnerability in SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP)

CVSS 9.9 · Critical EPSS 0.85% · P75
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-0022

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Code Injection vulnerability in SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP)
Source: NVD (National Vulnerability Database)
Vulnerability Description
SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application causing a high impact on the confidentiality, integrity, and availability of the application.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
SAP BusinessObjects Analysis(Edition For Olap) 代码注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SAP BusinessObjects Analysis(Edition For Olap)是德国思爱普(SAP)公司的一种查询和分析工具。用于分析组织的多维数据。 SAP BusinessObjects Analysis(Edition For Olap)存在代码注入漏洞,该漏洞源于其允许经过身份验证的攻击者注入可由应用程序通过网络执行的恶意代码导致攻击者可以执行可能完全破坏应用程序的操作,从而对应用程序的机密性、完整性和可用性造成严重影响。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
SAPBusinessObjects Business Intelligence platform (Analysis edition for OLAP) 420 -

II. Public POCs for CVE-2023-0022

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-0022

登录查看更多情报信息。

Same Patch Batch · SAP · 2023-01-10 · 9 CVEs total

CVE-2023-001810.0 CRITICALCross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Plat
CVE-2023-00169.9 CRITICALSQL Injection vulnerability in SAP Business Planning and Consolidation MS
CVE-2023-00179.4 CRITICALImproper access control in SAP NetWeaver AS for Java
CVE-2023-00149.0 CRITICALCapture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
CVE-2023-00126.4 MEDIUMLocal Privilege Escalation in SAP Host Agent (Windows)
CVE-2023-00136.1 MEDIUMCross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
CVE-2023-00154.6 MEDIUMCross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (Web
CVE-2023-00234.5 MEDIUMInformation Disclosure in SAP Bank Account Management (Manage Banks)

IV. Related Vulnerabilities

Same vendor: SAP
Same weakness: CWE-94

V. Comments for CVE-2023-0022

No comments yet

Leave a comment