Severity
High
Analysis Summary
CVE-2023-27896 (CVSS: 6.5)
SAP BusinessObjects Business Intelligence Platform is vulnerable to a denial of service caused by improper access control. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause the application server to connect to its own CMS, resulting in a denial of service condition.
CVE-2023-27894 (CVSS: 5)
SAP BusinessObjects Business Intelligence Platform could allow a remote authenticated attacker to obtain sensitive information, caused by improper validation of CMS parameters. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to obtain sensitive information and use it to launch further attacks against the affected system.
CVE-2023-27271 (CVSS: 6.5)
SAP BusinessObjects Business Intelligence Platform is vulnerable to a denial of service caused by improper access control. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause the application server to connect to its own admintools, resulting in a denial of service condition.
CVE-2023-25617 (CVSS: 9)
SAP BusinessObjects Business Intelligence Platform could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an OS command injection flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2023-25616 (CVSS: 9.9)
SAP BusinessObjects Business Intelligence Platform could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Denial of Service
- Information Disclosure
- Code Execution
Indicators Of Compromise
CVE
- CVE-2023-27896
- CVE-2023-27894
- CVE-2023-27271
- CVE-2023-25617
- CVE-2023-25616
Affected Vendors
SAP
Affected Products
- SAP BusinessObjects Business Intelligence Platform 420
- SAP BusinessObjects Business Intelligence Platform 430
Remediation
Current SAP customers should refer to SAP note 3287120 for patch information, available from the SAP website (login required).