Description
SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the public java SDK. Programs could impact the confidentiality, integrity and availability of the system.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2023-29557 | SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the public java SDK. Programs could impact the confidentiality, integrity and availability of the system. |
Github GHSA |
GHSA-xxhh-59gh-6ffx | SAP Cloud SDK for AI Python has OS Command Injection when Program Objects Execution is Enabled |
References
History
Tue, 04 Mar 2025 03:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Status: PUBLISHED
Assigner: sap
Published:
Updated: 2025-02-27T18:07:16.954Z
Reserved: 2023-02-09T13:30:50.223Z
Link: CVE-2023-25617
Updated: 2024-08-02T11:25:19.328Z
Status : Modified
Published: 2023-03-14T05:15:29.877
Modified: 2026-06-17T05:41:37.540
Link: CVE-2023-25617
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
EUVD
Github GHSA