CVE-2023-27271 MEDIUM

CVE-2023-27271: Server Side Request Forgery (SSRF) in the SAP BusinessObjects Business Intelligence platform

Vendor Sap
Product BusinessObjects Business Intelligence Platform (Web Services)
Weakness CWE-918 · SSRF
Published March 14, 2023
Last update February 27, 2025
View on NVD All CVEs

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

In SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools, leading to a high impact on availability.

Key dates

02Disclosure timeline

March 14, 2023 CVE published
February 27, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-11437 perfree go-fastdfs-web Installation Endpoint checkServer server-side request forgery CVE-2026-42345 FastGPT: Cloud metadata endpoint SSRF protection bypass via port specification, IPv6 mapping, hex/decimal IP encoding, and trailing dot CVE-2024-35635 WordPress Ninja Tables plugin <= 5.0.9 - Server Side Request Forgery (SSRF) vulnerability CVE-2026-30839 Wallos: SSRF via webhook test endpoint CVE-2026-8193 Akaunting Invoice PDF Rendering dompdf.php server-side request forgery