CVE-2024-28166

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:business_objects_business_intelligence_platform:430:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_objects_business_intelligence_platform:440:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_objects_business_intelligence_platform:enterprise_420:*:*:*:*:*:*:*

History

10 Dec 2024, 07:15

Type Values Removed Values Added
References
  • () https://me.sap.com/notes/3515653 -
CVSS v2 : unknown
v3 : 4.3
v2 : unknown
v3 : 3.7

16 Sep 2024, 16:17

Type Values Removed Values Added
First Time Sap
Sap business Objects Business Intelligence Platform
CVSS v2 : unknown
v3 : 3.7
v2 : unknown
v3 : 4.3
Summary
  • (es) La plataforma SAP BusinessObjects Business Intelligence permite a un atacante autenticado cargar código malicioso a través de la red, que podría ser ejecutado por la aplicación. Si la explotación tiene éxito, el atacante puede causar un impacto bajo en la integridad de la aplicación.
References () https://me.sap.com/notes/3433545 - () https://me.sap.com/notes/3433545 - Permissions Required
References () https://url.sap/sapsecuritypatchday - () https://url.sap/sapsecuritypatchday - Vendor Advisory
CPE cpe:2.3:a:sap:business_objects_business_intelligence_platform:enterprise_420:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_objects_business_intelligence_platform:440:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_objects_business_intelligence_platform:430:*:*:*:*:*:*:*

13 Aug 2024, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-13 04:15

Updated : 2024-12-10 07:15


NVD link : CVE-2024-28166

Mitre link : CVE-2024-28166

CVE.ORG link : CVE-2024-28166


JSON object : View

Products Affected

sap

  • business_objects_business_intelligence_platform
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type