Rewterz


Rewterz Threat Advisory – Multiple SAP BusinessObjects Business Intelligence Platform Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-27896 CVSS:6.5

SAP BusinessObjects Business Intelligence Platform is vulnerable to a denial of service caused by improper access control. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause the application server to connect to its own CMS, resulting in a denial of service condition.

CVE-2023-27894 CVSS:5

SAP BusinessObjects Business Intelligence Platform could allow a remote authenticated attacker to obtain sensitive information, caused by improper validation of CMS parameters. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to obtain sensitive information and use it to launch further attacks against the affected system.

CVE-2023-27271 CVSS:6.5

SAP BusinessObjects Business Intelligence Platform is vulnerable to a denial of service caused by improper access control. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause the application server to connect to its own admintools, resulting in a denial of service condition.

CVE-2023-25617 CVSS:9

SAP BusinessObjects Business Intelligence Platform could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an OS command injection flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVE-2023-25616 CVSS:9.9

SAP BusinessObjects Business Intelligence Platform could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

  • Denial of Service
  • Information Disclosure
  • Code Execution

Indicators Of Compromise

CVE

  • CVE-2023-27896
  • CVE-2023-27894
  • CVE-2023-27271
  • CVE-2023-25617
  • CVE-2023-25616

Affected Vendors

SAP

Affected Products

  • SAP BusinessObjects Business Intelligence Platform 420
  • SAP BusinessObjects Business Intelligence Platform 430

Remediation

Current SAP customers should refer to SAP Note 3287120 for patch information, available from the SAP website (login required).

SAP Website
