CVE-2023-36922

Name of the Vulnerable Software and Affected Versions SAP ECC and SAP S/4HANA (affected versions not specified)

Description The issue is related to a programming error in the function module and report of the IS-OIL component, allowing an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common extension. Successful exploitation can enable the attacker to read or modify system data and shut down the system. The vulnerability is associated with the lack of measures to neutralize special elements, which can allow a remote attacker to execute an arbitrary command.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.