← voltar
CVE-2023-36922

OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL)

CVSS 9.1 CRITICALEPSS 0.7%CWE-78
Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension.  On successful exploitation, the attacker can read or modify the system data as well as shut down the system.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
SAP_SE · SAP ECC and SAP S/4HANA (IS-OIL)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://me.sap.com/notes/3350297https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html