CVE-2023-25617

OS Command Execution vulnerability in SAP Business Objects Business Intelligence Platform (Adaptive Job Server)

CVSS 9 CRITICALEPSS 0.9%CWE-78

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

14 Mar 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the public java SDK. Programs could impact the confidentiality, integrity and availability of the system.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Affected products

SAP · Business Objects (Adaptive Job Server)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://launchpad.support.sap.com/#/notes/3283438 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html