Insufficient File type validation in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)
CVE-2023-42472
8.7HIGH
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 12 September 2023
What is CVE-2023-42472?
This vulnerability in SAP BusinessObjects Business Intelligence Platform (specifically the Web Intelligence HTML interface) allows authenticated users to upload files from their local systems. If an attacker intercepts the upload request, they can modify the content type and file extension, leading to unauthorized access to sensitive data and potential integrity issues. This exploit underscores the critical need for robust file type validation to prevent malicious file executions and safeguard application confidentiality.
Affected Version(s)
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) 420