CVE-2023-37490

CRITICAL Year: 2023
CVSS v3 Score
9.0
Critical
Weakness Type
CWE-427
View all →

Vulnerability Description

SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious file, an attacker can completely compromise the confidentiality, integrity, and availability of the system

Related Vulnerabilities

CVE-2017-7966

HIGH
CVSS:8.8(High)

A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exi...

CWE-4272017

CVE-2020-10616

HIGH
CVSS:8.8(High)

Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts.

CWE-4272020

CVE-2020-15663

HIGH
CVSS:8.8(High)

If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Servi...

CWE-4272020

CVE-2021-3840

HIGH
CVSS:8.8(High)

A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in ...

CWE-4272021

CVE-2022-4313

HIGH
CVSS:8.8(High)

A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to...

CWE-4272022

CVE-2023-2005

HIGH
CVSS:8.8(High)

Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security...

CWE-4272023