Lucene search

SapCVELIST:CVE-2024-34684

HistoryJun 11, 2024 - 2:20 a.m.

CVE-2024-34684 Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Scheduling)

2024-06-1102:20:31

CWE-200

sap

www.cve.org

cve-2024-34684

information disclosure

sap businessobjects

unix

scheduling

authenticated attacker

administrator access

local account

non-administrative user

remote server

3.7 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

On Unix, SAP BusinessObjects Business
Intelligence Platform (Scheduling) allows an authenticated attacker with
administrator access on the local server to access the password of a local
account. As a result, an attacker can obtain non-administrative user
credentials, which will allow them to read or modify the remote server files.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP BusinessObjects Business Intelligence Platform",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "ENTERPRISE 420"
      },
      {
        "status": "affected",
        "version": "430"
      },
      {
        "status": "affected",
        "version": "440"
      }
    ]
  }
]

References

me.sap.com/notes/3441817

support.sap.com/en/my-support/knowledge-base/security-notes-news.html

3.7 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-34684