SAP BusinessObjects Scheduling Vulnerability Allows Authenticated Attacker to Access Password
CVE-2024-34684

6MEDIUM

Key Information:

Vendor: SAP
Status: SAP Businessobjects Business Intelligence Platform
Vendor: CVE Published:; 11 June 2024

Summary

On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read or modify the remote server files.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform ENTERPRISE 420

SAP BusinessObjects Business Intelligence Platform 430

SAP BusinessObjects Business Intelligence Platform 440

References

https://me.sap.com/notes/3441817

https://support.sap.com/en/my-support/knowledge-base/secu...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 11, 2024
Vulnerability Reserved
May 7, 2024