CVE-2023-36922 Information

Description

Due to a programming error in a function module or report, SAP NetWeaver ABAP (IS-OIL), versions 600, 602, 603, 604, 605, 606, 617, 618, 800, 802, 803, 804, 805, 806, 807, allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension. On successful exploitation, the attacker can read or modify the system data as well as shut down the system.

Reference

https://me.sap.com/notes/3350297
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
