SAP BO Suite Installer Dir Traversal / Delete OS Files
CVE-2023-40623 Published on September 12, 2023

Arbitrary File Delete via Directory Junction in SAP BusinessObjects Suite(installer)
SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited impact on integrity and completely compromising the availability of the system.

NVD

Vulnerability Analysis

Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
HIGH
Privileges Required:
LOW
User Interaction:
REQUIRED
Scope:
CHANGED
Confidentiality Impact:
NONE
Integrity Impact:
LOW
Availability Impact:
HIGH

Weakness Type

CWE-1386

Products Associated with CVE-2023-40623

Want to know whenever a new CVE is published for SAP Businessobjects? stack.watch will email you.

SAP Businessobjects
 

Affected Versions

SAP_SE SAP BusinessObjects Suite (Installer):

Exploit Probability

EPSS
0.15%
Percentile
36.04%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.