CVE-2023-0022

{"id": "CVE-2023-0022", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-01-10T04:15:10.080", "references": [{"url": "https://launchpad.support.sap.com/#/notes/3262810", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://launchpad.support.sap.com/#/notes/3262810", "tags": ["Permissions Required", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application causing a high impact on the confidentiality, integrity, and availability of the application."}, {"lang": "es", "value": "SAP BusinessObjects Business Intelligence Analysis edition for OLAP permite a un atacante autenticado inyectar c\u00f3digo malicioso que la aplicaci\u00f3n puede ejecutar a trav\u00e9s de la red. Si la explotaci\u00f3n tiene \u00e9xito, un atacante puede realizar operaciones que pueden comprometer completamente la aplicaci\u00f3n y causar un alto impacto en la confidencialidad, integridad y disponibilidad de la aplicaci\u00f3n."}], "lastModified": "2024-11-21T07:36:24.740", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:420:*:*:*:analysis:olap:*:*", "vulnerable": true, "matchCriteriaId": "0DADEB14-CCB0-4D17-BC3F-224402579BF5"}, {"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430:*:*:*:analysis:olap:*:*", "vulnerable": true, "matchCriteriaId": "BB42F6BB-3C80-4E9E-AF11-E823152E60F2"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}