Vulnerabilities > CVE-2024-34684 - Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430/440

CVSS 6.0 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

local

low complexity

sap

NVD

Published: 2024-06-11

Updated: 2024-08-09

Summary

On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read or modify the remote server files.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Businessobjects Business Intelligence Platform 430 SAP Businessobjects Business Intelligence Platform 440 SAP Businessobjects Business Intelligence Platform 420	3

References

https://me.sap.com/notes/3441817
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html