CVE Vulnerability

CVE-2023-0016

SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. The exploitation of this issue could lead to SQL injection vulnerability and could allow an attacker to access, modify, and/or delete data from the backend database.

8.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://launchpad.support.sap.com/#/notes/3275391 Permissions Required Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:sap:business_planning_and_consolidation:810:*:*:*:*:microsoft:*:*
cpe:2.3:a:sap:business_planning_and_consolidation:800:*:*:*:*:microsoft:*:*
Information

Published : 2023-01-10 04:15

Updated : 2023-01-18 08:28

NVD link : CVE-2023-0016

Mitre link : CVE-2023-0016

Products Affected

Sap

CWE
CWE-89