CVE-2023-25617
SAP Cloud SDK for AI Python has OS Command Injection when Program Objects Execution is Enabled
8.8
HIGH
CVSS 3.1
EPSS 1.7%
描述
SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the public java SDK. Programs could impact the confidentiality, integrity and availability of the system.
如何修補 CVE-2023-25617
目前尚未發布修補版本。可考慮移除受影響套件,或參考下方連結中的上游建議。
- —未列出修補版本
- —未列出修補版本
CVE-2023-25617 正在被利用嗎?
低 — EPSS 為 1.7%,目前沒有觀察到大規模利用活動。
受影響套件(2)
- from 0, <= 3.3.0
- from 0, <= 420, <= 430
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |