Binary hijack in SAP BusinessObjects Business Intelligence (Installer)
CVE-2023-37490
9CRITICAL
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 8 August 2023
What is CVE-2023-37490?
The SAP Business Objects Installer, specifically in versions 420 and 430, contains a vulnerability that allows an authenticated attacker on the same network to replace an executable file located in a temporary directory during the installation process. By exploiting this vulnerability, an attacker can substitute the legitimate file with a malicious one, potentially leading to a complete compromise of the system’s confidentiality, integrity, and availability.
Affected Version(s)
SAP BusinessObjects Business Intelligence (Installer) 420
SAP BusinessObjects Business Intelligence (Installer) 430