CVE-2024-37179

SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application.
References
Link Resource
https://me.sap.com/notes/3478615 Permissions Required
https://url.sap/sapsecuritypatchday Vendor Advisory
Configurations

Configuration 1

OR cpe:2.3:a:sap:businessobjects_business_intelligence:420:*:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence:430:*:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence:2025:*:*:*:*:*:*:*

History

14 Nov 2024, 17:35

Type Values Removed Values Added
CPE cpe:2.3:a:sap:businessobjects_business_intelligence:2025:*:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence:420:*:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence:430:*:*:*:*:*:*:*
References () https://me.sap.com/notes/3478615 - () https://me.sap.com/notes/3478615 - Permissions Required
References () https://url.sap/sapsecuritypatchday - () https://url.sap/sapsecuritypatchday - Vendor Advisory
First Time Sap
Sap businessobjects Business Intelligence
CVSS v2 : unknown
v3 : 7.7
v2 : unknown
v3 : 6.5

10 Oct 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence reporting server to download any file from the machine hosting the service, causing a high impact on the confidentiality of the application.

08 Oct 2024, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-08 04:15

Updated : 2024-11-14 17:35


NVD link : CVE-2024-37179

Mitre link : CVE-2024-37179

CVE.ORG link : CVE-2024-37179



Products Affected

sap

  • businessobjects_business_intelligence
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type