CVE-2023-40623
Arbitrary File Delete via Directory Junction in SAP BusinessObjects Suite (Installer)
In short
A low-privileged attacker on the same network segment can plant a directory junction inside a temporary directory used by the SAP BusinessObjects Suite installer, pointing it at a directory that holds operating system files. The installer does not check for junctions before operating on that temporary directory, so its delete operations follow the junction and remove the operating system files instead of its own scratch data, taking the system down. The weakness is CWE-1386 (insecure operation on a Windows directory containing a junction).
Technical detail
CWE-1386 weakness in the SAP BusinessObjects Suite installer (versions 420 and 430): an attacker who can write to the installer's temporary directory creates a directory junction there that points at an OS-critical path; the installer's subsequent file deletions follow the junction, giving arbitrary file deletion with the installer's privileges. Per the CVSS vector below, exploitation needs adjacent-network access (AV:A), low privileges (PR:L), user interaction (UI:R, someone has to run the installer) and comes with high attack complexity (AC:H, the junction has to be in place when the installer touches the directory). Scope is changed (S:C) because the damage lands on the operating system rather than on the installer alone; the impact is a limited loss of integrity (I:L) and a complete loss of availability (A:H) through deletion of operating system files.
Summary generated and translated by AI from the official description.
SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under a temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited impact on integrity and completely compromising the availability of the system.
CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:H (base score 6.2, Medium)
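The bug class behind this CVE, shown on a constructed directory layout. This is an added example, not SAP's installer code and not taken from the advisory: a careless cleanup routine that relies on os.path.isdir() (which follows links) walks through a planted directory link and deletes the link's target, while the hardened version treats every reparse point as a leaf and removes only the link entry. The names (victim_*, scratch_*, planted, important.txt) are assumptions for the demo. On Windows the link is a real junction created through CPython's private _winapi.CreateJunction (the same thing mklink /J does, and creatable without privileges, which is what makes this reachable from a low-privileged account); elsewhere a symlink stands in for it.

```python
"""Junction-safe cleanup of an installer scratch directory (added example, not SAP code)."""
import os
import shutil
import stat
import tempfile

# Windows reparse-point attribute bit (0x400); the constant is missing from `stat` on some builds.
FILE_ATTRIBUTE_REPARSE_POINT = getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0x400)


def is_reparse_point(path):
    """True for a POSIX symlink or any Windows reparse point (symlink or junction).
    A junction is not a symlink to Python: os.path.islink()/is_symlink() say False,
    so the attribute bit from lstat() is the check that matters on Windows."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return True
    return bool(getattr(st, "st_file_attributes", 0) & FILE_ATTRIBUTE_REPARSE_POINT)


def make_dir_link(target, link):
    """Plant the attacker's link: a junction on Windows, a symlink elsewhere (stand-in)."""
    if os.name == "nt":
        import _winapi  # private CPython helper; equivalent to `mklink /J link target`
        _winapi.CreateJunction(target, link)
    else:
        os.symlink(target, link, target_is_directory=True)


def naive_cleanup(root):
    """The vulnerable pattern, deliberately kept unsafe for the demo: os.path.isdir()
    follows links, so the recursion descends into the link target and deletes files
    that were never inside the scratch directory."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if os.path.isdir(path):
            naive_cleanup(path)
        else:
            os.remove(path)
    try:
        os.rmdir(root)       # on Windows this also removes a junction (its target is already emptied)
    except NotADirectoryError:
        os.unlink(root)      # root was a POSIX symlink: drop the link, the damage is already done


def remove_link(path):
    """Remove a link entry without touching what it points to."""
    try:
        os.unlink(path)
    except OSError:
        os.rmdir(path)       # directory junctions/symlinks on Windows are removed via RemoveDirectory


def safe_cleanup(root):
    """Hardened cleanup: never recurse through a reparse point, only delete the link itself."""
    if is_reparse_point(root):
        raise RuntimeError("refusing to clean up through a link: %s" % root)
    with os.scandir(root) as it:
        entries = list(it)
    for entry in entries:
        if is_reparse_point(entry.path):
            remove_link(entry.path)           # the planted junction/symlink, not its target
        elif entry.is_dir(follow_symlinks=False):
            safe_cleanup(entry.path)
        else:
            os.remove(entry.path)
    os.rmdir(root)


def build_scenario(base, tag):
    """Constructed layout: base/victim_<tag>/important.txt stands in for OS files,
    base/scratch_<tag>/ is the installer's temp dir with the attacker's link 'planted' inside."""
    victim = os.path.join(base, "victim_" + tag)
    scratch = os.path.join(base, "scratch_" + tag)
    os.makedirs(victim)
    os.makedirs(scratch)
    victim_file = os.path.join(victim, "important.txt")
    with open(victim_file, "w") as f:
        f.write("pretend this is an OS file\n")
    with open(os.path.join(scratch, "installer.tmp"), "w") as f:
        f.write("the installer's own temp file\n")
    make_dir_link(victim, os.path.join(scratch, "planted"))
    return scratch, victim_file


def run_demo():
    """Run both cleanups on fresh scenarios and report what survived."""
    base = tempfile.mkdtemp()
    try:
        scratch, victim_file = build_scenario(base, "naive")
        naive_cleanup(scratch)
        naive_deleted_victim = not os.path.exists(victim_file)

        scratch, victim_file = build_scenario(base, "safe")
        safe_cleanup(scratch)
        return {
            "naive_deleted_victim": naive_deleted_victim,
            "safe_kept_victim": os.path.exists(victim_file),
            "safe_removed_scratch": not os.path.lexists(scratch),
        }
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    print(run_demo())
```

safe_cleanup still has a check-then-act window: an attacker who can swap a real subdirectory for a junction between the lstat() and the delete wins the race, which is the usual reason an installer's cleanup is attackable at all. The tighter fix is to delete relative to an already-open directory handle (dir_fd-relative calls on POSIX, which shutil.rmtree uses where supported; FILE_FLAG_OPEN_REPARSE_POINT plus handle-relative operations on Windows) and to create the temporary directory with an ACL that keeps other principals from writing into it in the first place.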
Affected products
SAP_SE · SAP BusinessObjects Suite (Installer)