
WARNING: SAP releases security patches for 5 critical vulnerabilities, PATCH ASAP

Reference: Advisory #2023-31
Version: 1.0
Affected software:
SAP Business Intelligence Platform, versions 420 and 430
SAP NetWeaver AS for Java, version 7.50
SAP NetWeaver Application Server for ABAP, versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, and 791
SAP Business Objects Business Intelligence Platform, versions 420 and 430
Type: Multiple types: Code injection, Information disclosure, Data manipulation, DoS, Directory traversal, Command execution
CVE/CVSS:
CVE-2023-25616 CVSS: 9.9
CVE-2023-23857 CVSS: 9.8
CVE-2023-27269 CVSS: 9.6
CVE-2023-27500 CVSS: 9.6
CVE-2023-25617 CVSS: 9.0

Sources

https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
https://nvd.nist.gov/vuln/detail/CVE-2023-25616
https://nvd.nist.gov/vuln/detail/CVE-2023-23857
https://nvd.nist.gov/vuln/detail/CVE-2023-27269
https://nvd.nist.gov/vuln/detail/CVE-2023-27500
https://nvd.nist.gov/vuln/detail/CVE-2023-25617

Risks

SAP fixed multiple critical flaws affecting SAP Business Objects Business Intelligence Platform and SAP NetWeaver.

Security flaws in SAP products are attractive targets for threat actors because these products are used by organisations worldwide and can serve as an initial entry point into their systems.

Description

CVE-2023-25616

SAP Business Objects Business Intelligence Platform, versions 420 and 430, is subject to a code injection vulnerability that allows an attacker to gain access to resources normally available only to users with extra privileges. The impact on Confidentiality, Integrity, and Availability of the system is high.

CVE-2023-23857

SAP NetWeaver AS for Java, version 7.50, allows an unauthenticated attacker to use an open naming and directory API to access services that can be used to perform unauthorized operations affecting users and services across systems.

Upon successful exploitation of this vulnerability, the attacker can read and modify sensitive information. Additionally, this flaw can be used to lock up any element or operation of the system, making it unavailable and creating a denial-of-service situation in which Availability is highly impacted.

CVE-2023-27269

SAP NetWeaver Application Server for ABAP and ABAP Platform, versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, and 791, allows an attacker without administrative rights to exploit a directory traversal flaw to overwrite system files. No data can be read, but critical OS files can be overwritten, which has a high impact on Integrity and Availability.

CVE-2023-27500

An attacker without administrative rights can exploit a directory traversal flaw in SAPRSBRO to overwrite system files. No data can be read, but critical OS files can be overwritten, which has a high impact on Integrity and Availability.
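Both CVE-2023-27269 and CVE-2023-27500 above are directory traversal flaws that let a non-administrative user write outside the directory the application intended. The following Python is an added illustration of that vulnerability class; it is not code from SAP or from this advisory, and it does not describe how either SAP flaw actually works. It shows the generic defect (joining a caller-supplied name onto a base directory and trusting the result) next to a check that confines the resolved path to the base directory. The base directory `/srv/app/reports` and the sample inputs are constructed for the example.

```python
import os
from typing import Dict, List, Optional, Tuple

# Constructed example: the directory the application intends to confine writes to.
BASE_DIR = "/srv/app/reports"


def unsafe_target_path(base_dir: str, user_supplied: str) -> str:
    """The traversal-prone pattern: concatenate and trust the result.

    os.path.join() silently discards base_dir when user_supplied is absolute,
    and ".." components are never examined, so the caller chooses the file.
    """
    return os.path.join(base_dir, user_supplied)


def safe_target_path(base_dir: str, user_supplied: str) -> Optional[str]:
    """Return an absolute path inside base_dir, or None if the input escapes it."""
    # Reject NUL bytes outright; they truncate paths in many C-based file APIs.
    if "\0" in user_supplied:
        return None
    base = os.path.realpath(base_dir)
    # Resolve the joined path the same way the OS would (".." collapsed,
    # existing symlinks followed) before deciding whether it is still inside.
    candidate = os.path.realpath(os.path.join(base, user_supplied))
    # commonpath compares whole components, so "/srv/app/reports-old" is not
    # mistaken for a child of "/srv/app/reports" (a plain prefix check would be).
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def classify(inputs: List[str]) -> Dict[str, Tuple[str, Optional[str]]]:
    """Map each user-supplied name to ('allowed', path) or ('rejected', None)."""
    results = {}
    for name in inputs:
        path = safe_target_path(BASE_DIR, name)
        results[name] = ("allowed", path) if path else ("rejected", None)
    return results


# Constructed sample inputs: benign names and typical traversal attempts.
SAMPLE_INPUTS = [
    "q1-summary.pdf",
    "2023/q2-summary.pdf",
    "../../../etc/passwd",
    "/etc/passwd",
    "sub/../../escape.txt",
    "q1\0.pdf",
]

if __name__ == "__main__":
    for name, (verdict, path) in classify(SAMPLE_INPUTS).items():
        print(f"{verdict:8} {name!r} -> {path}")
```

The check normalises first and compares afterwards; validating the raw string (for example by searching for `..`) is not enough, because an absolute path or a symlink inside the base directory escapes without containing that sequence. Running the block prints one verdict per sample input, with the two benign names allowed and the four traversal attempts rejected.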

CVE-2023-25617

SAP Business Objects (Adaptive Job Server), versions 420 and 430, allows an attacker to execute commands remotely when program object execution is enabled for authenticated users with scheduling rights, via the BI Launchpad, the Central Management Console, or a custom application based on the public Java SDK. This flaw has a high impact on Confidentiality, Integrity, and Availability.

Recommended Actions

The Centre for Cyber Security Belgium strongly recommends that system administrators visit SAP’s Support Portal to apply the necessary patches.

References

https://www.bleepingcomputer.com/news/security/sap-releases-security-updates-fixing-five-critical-vulnerabilities/