CVE-2023-24530

Name of the Vulnerable Software and Affected Versions SAP BusinessObjects Business Intelligence Platform (CMC) versions 420, 430

Description The issue allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application, causing high impact on confidentiality, integrity, and availability of the application.

Recommendations For versions 420 and 430, consider restricting access to the code upload feature for authenticated admin users until a patch is available. As a temporary workaround, consider implementing additional validation and verification for uploaded code to minimize the risk of exploitation. Restrict network access to the application to minimize the risk of remote exploitation.