Lucene search

SapCVELIST:CVE-2024-42375

HistoryAug 13, 2024 - 4:03 a.m.

CVE-2024-42375 Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform

2024-08-1304:03:26

CWE-434

sap

www.cve.org

sap businessobjects

bi platform

file upload

network

authenticated attacker

malicious code

application

exploitation

low impact

integrity

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

Percentile

14.7%

JSON

SAP BusinessObjects Business Intelligence
Platform allows an authenticated attacker to upload malicious code over the
network, that could be executed by the application. On successful exploitation,
the attacker can cause a low impact on the Integrity of the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP BusinessObjects Business Intelligence Platform",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "ENTERPRISE 420"
      },
      {
        "status": "affected",
        "version": "430"
      },
      {
        "status": "affected",
        "version": "440"
      }
    ]
  }
]

References

me.sap.com/notes/3433545

url.sap/sapsecuritypatchday

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

Percentile

14.7%

JSON

Related for CVELIST:CVE-2024-42375