CVE-2023-25617

Name of the Vulnerable Software and Affected Versions SAP Business Object (Adaptive Job Server) versions 420, 430

Description The issue allows remote execution of arbitrary commands on Unix systems when program objects execution is enabled. This can be done by authenticated users with scheduling rights using the BI Launchpad, Central Management Console, or a custom application based on the public Java SDK. The exploitation of this issue could impact the confidentiality, integrity, and availability of the system.

Recommendations For versions 420 and 430, consider disabling program objects execution until a patch is available to prevent remote execution of arbitrary commands. Restrict access to the BI Launchpad and Central Management Console to minimize the risk of exploitation. Avoid using custom applications based on the public Java SDK that could be used to exploit this issue until a fix is applied. As a temporary workaround, consider limiting the scheduling rights of authenticated users to reduce the potential impact. At the moment, there is no information about a newer version that contains a fix for this vulnerability.