HIGH✓ PATCH🇬🇧 English

CVE-2024-37179

CVSS 7.7v3.1pub. 2024-10-08upd. 2024-11-14

SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  • Sap Businessobjects Business Intelligence

    APP
    Sap
    2025420430
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2023-40622CRITICAL9.9ten sam produkt

SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain c...

CVE-2023-28762CRITICAL9.1ten sam produkt

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with ...

CVE-2023-28765CRITICAL9.8ten sam produkt

An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management)...

CVE-2018-2445CRITICAL9.6ten sam produkt

AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate t...

CVE-2025-23192HIGH8.2ten sam produkt

SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store...

CVE-2024-37179 — HIGH 7.7 | CVEbaza.pl