PT-2023-4240 · SAP · SAP Business Objects Installer
Published 2023-08-08 · Updated 2023-08-09 · CVE-2023-37490
| CVSS v3.1 | 9.0 (Critical) |
| Vector | AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SAP Business Objects Installer versions 420, 430
Description
The issue is related to an uncontrolled search path element in the SAP BusinessObjects Business Intelligence platform installer. Exploitation of this issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information by substituting an executable file. An authenticated attacker within the network can overwrite an executable file created in a temporary directory during the installation process, potentially compromising the system.
Recommendations
For versions 420 and 430, consider restricting access to the temporary directory used during the installation process to minimize the risk of exploitation until a patch is available.
As a temporary workaround, avoid using the installer on untrusted networks to reduce the risk of an authenticated attacker overwriting executable files.
Restrict network access to the installer to only trusted users to prevent potential exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Uncontrolled Search Path Element
Related Identifiers
Affected Products
SAP Business Objects Installer