Vulnerabilities > CVE-2023-42472 - Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420

CVSS 7.3 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2023-09-12

Updated: 2024-11-21

Summary

Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system into the report over the network. When uploading the image file, an authenticated attacker could intercept the request, modify the content type and the extension to read and modify sensitive data causing a high impact on confidentiality and integrity of the application.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Businessobjects Business Intelligence Platform 420	1

References

https://me.sap.com/notes/3370490
https://me.sap.com/notes/3370490
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html