Lucene search

[email protected]CVE-2024-34684

HistoryJun 11, 2024 - 3:15 a.m.

CVE-2024-34684

2024-06-1103:15:10

CWE-200

[email protected]

web.nvd.nist.gov

unix

sap businessobjects

bi platform

authenticated access

administrator

local server

passwords

non-administrative

user credentials

remote server files

3.7 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

4.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

On Unix, SAP BusinessObjects Business
Intelligence Platform (Scheduling) allows an authenticated attacker with
administrator access on the local server to access the password of a local
account. As a result, an attacker can obtain non-administrative user
credentials, which will allow them to read or modify the remote server files.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP BusinessObjects Business Intelligence Platform",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "ENTERPRISE 420"
      },
      {
        "status": "affected",
        "version": "430"
      },
      {
        "status": "affected",
        "version": "440"
      }
    ]
  }
]

References

me.sap.com/notes/3441817

support.sap.com/en/my-support/knowledge-base/security-notes-news.html

3.7 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

4.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-34684

vulnrichment1 cvelist1 nvd1