SAP BusinessObjects Vulnerability: Malicious Code Upload
CVE-2024-28166

4.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP Businessobjects Business Intelligence Platform
Vendor: CVE Published:; 13 August 2024

What is CVE-2024-28166?

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform ENTERPRISE 430

SAP BusinessObjects Business Intelligence Platform 2025

References

https://me.sap.com/notes/3433545

https://me.sap.com/notes/3515653

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Mar 6, 2024