Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2023-36922

Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension.  On successful exploitation, the attacker can read or modify the system data as well as shut down the system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.2%
CVSS Severity
CVSS v3 Score 9.1
Products affected by CVE-2023-36922
  • Sap » Netweaver » Version: 600
    cpe:2.3:a:sap:netweaver:600
  • Sap » Netweaver » Version: 602
    cpe:2.3:a:sap:netweaver:602
  • Sap » Netweaver » Version: 603
    cpe:2.3:a:sap:netweaver:603
  • Sap » Netweaver » Version: 604
    cpe:2.3:a:sap:netweaver:604
  • Sap » Netweaver » Version: 605
    cpe:2.3:a:sap:netweaver:605
  • Sap » Netweaver » Version: 606
    cpe:2.3:a:sap:netweaver:606
  • Sap » Netweaver » Version: 617
    cpe:2.3:a:sap:netweaver:617
  • Sap » Netweaver » Version: 618
    cpe:2.3:a:sap:netweaver:618
  • Sap » Netweaver » Version: 800
    cpe:2.3:a:sap:netweaver:800
  • Sap » Netweaver » Version: 802
    cpe:2.3:a:sap:netweaver:802
  • Sap » Netweaver » Version: 803
    cpe:2.3:a:sap:netweaver:803
  • Sap » Netweaver » Version: 804
    cpe:2.3:a:sap:netweaver:804
  • Sap » Netweaver » Version: 805
    cpe:2.3:a:sap:netweaver:805
  • Sap » Netweaver » Version: 806
    cpe:2.3:a:sap:netweaver:806
  • Sap » Netweaver » Version: 807
    cpe:2.3:a:sap:netweaver:807


Products
Pricing
Contact Us

Shodan ® - All rights reserved