Server Side Request Forgery (SSRF) in the SAP BusinessObjects Business Intelligence platform
CVE-2023-27271
7.5 HIGH
Key Information:
- Vendor: SAP
- CVE Published: 14 March 2023
Summary
A Server Side Request Forgery (SSRF) vulnerability exists in the SAP BusinessObjects Business Intelligence Platform. An attacker who controls a malicious BOE server can force the application server to establish connections to its own administrative tools, leading to significant disruptions in system availability. Versions 420 and 430 are affected, so users of these versions should address the issue promptly.
Affected Version(s)
BusinessObjects Business Intelligence Platform (Web Services) 420
BusinessObjects Business Intelligence Platform (Web Services) 430
References
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved