CVE-2023-36922
Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension. On successful exploitation, the attacker can read or modify the system data as well as shut down the system.
| Software | From | Fixed in |
|---|---|---|
| sap / netweaver | 600 | 600.x |
| sap / netweaver | 602 | 602.x |
| sap / netweaver | 603 | 603.x |
| sap / netweaver | 604 | 604.x |
| sap / netweaver | 605 | 605.x |
| sap / netweaver | 606 | 606.x |
| sap / netweaver | 617 | 617.x |
| sap / netweaver | 618 | 618.x |
| sap / netweaver | 800 | 800.x |
| sap / netweaver | 802 | 802.x |
| sap / netweaver | 803 | 803.x |
| sap / netweaver | 804 | 804.x |
| sap / netweaver | 805 | 805.x |
| sap / netweaver | 806 | 806.x |
| sap / netweaver | 807 | 807.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime