PYSEC-2023-315

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/sap-ai-sdk-base/PYSEC-2023-315.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2023-315

Aliases

CVE-2023-25617

Published

2023-03-14T05:15:29.877Z

Modified

2026-05-20T09:19:17.045853Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the public java SDK. Programs could impact the confidentiality, integrity and availability of the system.

References

Affected packages

PyPI / sap-ai-sdk-base

Package

Name: sap-ai-sdk-base; View open source insights on deps.dev
Purl: pkg:pypi/sap-ai-sdk-base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

None

None

None

None

Affected versions

3.*

3.1.2

3.1.3

3.1.6

3.2.0

3.2.3

3.4.0

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/sap-ai-sdk-base/PYSEC-2023-315.yaml"