VYPR
Unrated severityNVD Advisory· Published Sep 12, 2023· Updated Sep 25, 2024

Arbitrary File Delete via Directory Junction in SAP BusinessObjects Suite(installer)

CVE-2023-40623

Description

SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited impact on integrity and completely compromising the availability of the system.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.