CVE-2024-41730

Summary

In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. The attacker can fully compromise the system resulting in High impact on confidentiality, integrity and availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP BusinessObjects Business Intelligence PlatformENTERPRISE 430affected
SAP_SESAP BusinessObjects Business Intelligence Platform440affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References