CVE-2024-45281 — Untrusted Search Path in SE SAP Businessobjects Business Intelligence Platform

CWE-426 — Untrusted Search Path3 documents3 sources

Severity

5.8MEDIUMNVD

EPSS

0.0%

top 86.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Businessobjects Business Intelligence Platform SAP Businessobjects Business Intelligence Platform

Timeline

PublishedSep 10

Description

SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. The attacker needs to have local access to the vulnerable system to perform DLL related tasks. This could result in a high impact on confidentiality and integrity of the application.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:NExploitability: 0.6 | Impact: 5.2

Affected Packages2 packages

▶NVDsap/businessobjects_business_intelligence_platform430

▶CVEListV5sap_se/sap_businessobjects_business_intelligence_platform430

Patches

Patch: url.sap ↗

🔴Vulnerability Details

CVEList

DLL hijacking vulnerability in SAP BusinessObjects Business Intelligence Platform↗2024-09-10

▶

GHSA

GHSA-43rj-h44p-4j25: SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not di↗2024-09-10

▶