CVE-2024-37179

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.5%

top 32.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Businessobjects Business Intelligence Platform (web Intelligence)SAP Businessobjects Business Intelligence

Timeline

PublishedOct 8

Description

SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 3.1 | Impact: 4.0

Affected Packages2 packages

▶CVEListV5sap_se/sap_businessobjects_business_intelligence_platform_(web_intelligence)4 versions+3

▶NVDsap/businessobjects_business_intelligence2025, 420, 430+2

🔴Vulnerability Details

GHSA

GHSA-gc4w-ffjr-829q: SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting↗2024-10-08

▶

CVEList

Insecure File Operations vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)↗2024-10-08

▶