Auth Bypass in SAP Business Objects Installer Allows Executable Overwrite
CVE-2023-37490 Published on August 8, 2023
Binary hijack in SAP BusinessObjects Business Intelligence (Installer)
SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious file, an attacker can completely compromise the confidentiality, integrity, and availability of the system
Vulnerability Analysis
Weakness Type
What is a DLL preloading Vulnerability?
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
CVE-2023-37490 has been classified to as a DLL preloading vulnerability or weakness.
Products Associated with CVE-2023-37490
Want to know whenever a new CVE is published for SAP Businessobjects Business Intelligence? stack.watch will email you.
Affected Versions
SAP_SE SAP BusinessObjects Business Intelligence (Installer):- Version 420 is affected.
- Version 430 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.