Arbitrary File Delete via Directory Junction in SAP BusinessObjects Suite(installer)
CVE-2023-40623
7.1HIGH
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 12 September 2023
What is CVE-2023-40623?
The SAP BusinessObjects Suite Installer versions 420 and 430 contain a directory traversal vulnerability that enables attackers within the same network to create a malicious directory in the temporary folder. This can lead to a link to critical operating system files, resulting in the potential deletion of these files. Consequently, the attacker can compromise system availability and impose limitations on data integrity.
Affected Version(s)
SAP BusinessObjects Suite (Installer) 420
SAP BusinessObjects Suite (Installer) 430