Server Side Request Forgery (SSRF) in the SAP BusinessObjects Business Intelligence platform
CVE-2023-27271

6.5MEDIUM

Key Information:

Vendor: SAP
Status: Businessobjects Business Intelligence Platform (web Services)
Vendor: CVE Published:; 14 March 2023

What is CVE-2023-27271?

A vulnerability exists in the SAP BusinessObjects Business Intelligence Platform that allows an attacker to take control of a malicious BOE server. This manipulation forces the application server to establish connections to its own administrative tools, leading to significant disruptions in system availability. The affected versions, 420 and 430, are particularly susceptible, making it crucial for users to address this issue promptly.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BusinessObjects Business Intelligence Platform (Web Services) 420

BusinessObjects Business Intelligence Platform (Web Services) 430

References

https://launchpad.support.sap.com/#/notes/3287120

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 14, 2023
Vulnerability Reserved
Feb 27, 2023

JSON

SAP

What is CVE-2023-27271?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.