Unrated severityNVD Advisory· Published Sep 12, 2023· Updated Sep 25, 2024
Arbitrary File Delete via Directory Junction in SAP BusinessObjects Suite(installer)
CVE-2023-40623
Description
SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited impact on integrity and completely compromising the availability of the system.
Affected products
2>= 420, <= 430+ 1 more
- (no CPE)range: >= 420, <= 430
- (no CPE)range: 420
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.