Security Advisory

CVE-2023-36922

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-07-11 02:56:55
Last updated 2024-08-02 17:01:09
Assigner sap
State PUBLISHED

Description

Due to a programming error in function module and report, the IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension. On successful exploitation, the attacker can read or modify the system data as well as shut down the system.