CVE-2023-25616

Name of the Vulnerable Software and Affected Versions SAP Business Objects Business Intelligence Platform versions 420, 430

Description The issue is related to the incorrect neutralization of special elements in output, which can lead to code injection. This could allow a remote attacker to execute arbitrary code and gain unauthorized access to protected information. Successful exploitation could highly impact the confidentiality, integrity, and availability of the system.

Recommendations For versions 420 and 430, consider restricting access to the Program Object execution feature to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the Program Object execution feature until a fix is provided. Avoid using the vulnerable console until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.