CVE-2023-37490

Summary

SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious file, an attacker can completely compromise the confidentiality, integrity, and availability of the system

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP BusinessObjects Business Intelligence (Installer)420affected
SAP_SESAP BusinessObjects Business Intelligence (Installer)430affected

Weaknesses

  • CWE-427: CWE-427: Uncontrolled Search Path Element

ADP Enrichment

CVE Program Container

Additional References

References