Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-37179

SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application.

Published

2024-10-08T04:15:06.600

Last Modified

2024-11-14T17:35:54.067

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.7 (HIGH)

Weaknesses

Type: Secondary
CWE-434

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	businessobjects_business_intelligence	420	Yes
Application	sap	businessobjects_business_intelligence	430	Yes
Application	sap	businessobjects_business_intelligence	2025	Yes

References

https://me.sap.com/notes/3478615 Permissions Required ([email protected])
https://url.sap/sapsecuritypatchday Vendor Advisory ([email protected])