Enterprise440

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

sap

CWE-862

critical

NVD

Published: 2024-08-13

Updated: 2024-09-12

Summary

In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. The attacker can fully compromise the system resulting in High impact on confidentiality, integrity and availability.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Business Objects Business Intelligence Platform Enterprise_430 SAP Business Objects Business Intelligence Platform Enterprise_440	2

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://me.sap.com/notes/3479478
https://url.sap/sapsecuritypatchday