Insufficient verification of data authenticity in SAP BusinessObjects Business Intelligence suite - CVE-2023-37490

 


Published: August 9, 2023


Vulnerability identifier: #VU79275
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-37490
CWE-ID: CWE-345
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
SAP BusinessObjects Business Intelligence suite
Software vendor:
SAP

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to missing verification of data authenticity in the SAP BusinessObjects Installer application. An attacker with control over the network share from which the application is being installed can replace files in the temporary directory with malicious ones and compromise the affected system.
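Until the update is applied, the missing check can be compensated for by verifying the staged installation files before the installer runs. The following is an added example, not SAP's code and not part of the original advisory; it assumes a manifest of SHA-256 hashes taken from a trusted copy of the installation media, and all file names in it are constructed.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large installer archives do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_staging(staging: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare every file under `staging` with a trusted {relative path: sha256} manifest."""
    report = {"modified": [], "missing": [], "unexpected": []}
    seen = set()
    for path in sorted(p for p in staging.rglob("*") if p.is_file()):
        rel = path.relative_to(staging).as_posix()
        seen.add(rel)
        if rel not in manifest:
            report["unexpected"].append(rel)  # file the trusted media never contained
        elif not hmac.compare_digest(sha256_file(path), manifest[rel]):
            report["modified"].append(rel)    # content replaced after the manifest was built
    report["missing"] = sorted(set(manifest) - seen)
    return report


def demo() -> dict[str, list[str]]:
    # Constructed sample: a stand-in staging directory, not real SAP installer content.
    with tempfile.TemporaryDirectory() as tmp:
        staging = Path(tmp)
        (staging / "data").mkdir()
        (staging / "setup.bin").write_bytes(b"installer v1")
        (staging / "data" / "config.xml").write_bytes(b"<config/>")
        manifest = {p.relative_to(staging).as_posix(): sha256_file(p)
                    for p in staging.rglob("*") if p.is_file()}
        manifest["data/license.txt"] = hashlib.sha256(b"license").hexdigest()
        # Simulate tampering between staging and the installer run.
        (staging / "setup.bin").write_bytes(b"replaced")
        (staging / "helper.so").write_bytes(b"planted")
        return verify_staging(staging, manifest)


if __name__ == "__main__":
    print(demo())
```

The check only holds if the staging directory is writable solely by the installing account; otherwise files can still be swapped between verification and execution.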


Remediation

Install updates from the vendor's website.

External links