CVE-2023-36922

Due to programming error in function module or report, SAP NetWeaver ABAP (IS-OIL) – versions 600, 602, 603, 604, 605, 606, 617, 618, 800, 802, 803, 804, 805, 806, 807, allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension.  On successful exploitation, the attacker can read or modify the system data as well as shut down the system.

Source: CVE-2023-36922