The most important of the new notes deals with two critical vulnerabilities in SAP Diagnostics Agent that could be exploited to execute commands on all monitored SAP systems. The bugs are tracked as CVE-2023-27497 (CVSS score of 10) and CVE-2023-27267 (CVSS score of 9).
The two critical vulnerabilities addressed this week were identified in the OSCommandBridge and the EventLogService Collector components and can be exploited without authentication to execute scripts on all connected Diagnostics Agents.
The vulnerabilities have been classified into different categories based on their potential impact. Here are the categories and the number of vulnerabilities in each category:
- 45 Remote Code Execution Vulnerabilities
- 20 Elevation of Privilege Vulnerabilities
- 10 Information Disclosure Vulnerabilities
- 9 Denial of Service Vulnerabilities
- 8 Security Feature Bypass Vulnerabilities
- 6 Spoofing Vulnerabilities
In February, Microsoft released a patch to address a vulnerability in its SQL Server:
The vulnerability, CVE-2023-23384 (CVSS score: 7.3, High), relates to an out-of-band write bug in the SQLcmd tool, and if exploited, it could allow an unauthenticated attacker to execute code with elevated privileges.
Another significant patch this month came from SAP, which includes fixes for two critical vulnerabilities.
CVE-2023-27267 (CVSS score: 9.0, Critical): An attacker could exploit CVE-2023-27267 to execute scripts on connected agents, compromising the system completely.
CVE-2023-28765 (CVSS score: 9.8, Critical): It is an Information Disclosure vulnerability affecting SAP BusinessObjects Business Intelligence Platform, versions 420 and 430. It could allow an attacker with basic privileges to decrypt the lcmbiar file. If successful, the attacker could gain access to user passwords on the platform and take over their accounts.
CVE-2023-29186 (CVSS score: 8.7, High): Another important vulnerability mentioned in the patch is a Directory Traversal vulnerability in SAP NetWeaver 707, 737, 747, and 757. It may allow for uploading and overwriting files on the vulnerable SAP server.