Lucene search

SapVULNRICHMENT:CVE-2024-28166

HistoryAug 13, 2024 - 4:05 a.m.

CVE-2024-28166 Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform

2024-08-1304:05:24

CWE-434

sap

github.com

sap businessobject business intelligence platform

unrestricted file upload

vulnerabilities

malicious code

network exploitation

low impact

application integrity

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6.9

Confidence

High

EPSS

Percentile

14.7%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

SAP BusinessObjects Business Intelligence
Platform allows an authenticated attacker to upload malicious code over the
network, that could be executed by the application. On successful
exploitation, the attacker can cause a low impact on the Integrity of the
application.

CNA Affected

[
  {
    "vendor": "SAP_SE",
    "product": "SAP BusinessObjects Business Intelligence Platform",
    "versions": [
      {
        "status": "affected",
        "version": "ENTERPRISE 420"
      },
      {
        "status": "affected",
        "version": "430"
      },
      {
        "status": "affected",
        "version": "440"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

me.sap.com/notes/3433545

url.sap/sapsecuritypatchday

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6.9

Confidence

High

EPSS

Percentile

14.7%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-28166