CVE-2024-37179

Summary

SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP BusinessObjects Business Intelligence Platform (Web Intelligence)ENTERPRISE 420affected
SAP_SESAP BusinessObjects Business Intelligence Platform (Web Intelligence)430affected
SAP_SESAP BusinessObjects Business Intelligence Platform (Web Intelligence)2025affected
SAP_SESAP BusinessObjects Business Intelligence Platform (Web Intelligence)ENTERPRISECLIENTTOOLS 420affected

Weaknesses

  • CWE-434: CWE-434: Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References