CVE-2024-41730

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

I

n SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. The attacker can fully compromise the system resulting in High impact on confidentiality, integrity and availability.

References

Link	Resource
https://me.sap.com/notes/3479478	Permissions Required
https://url.sap/sapsecuritypatchday	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:business_objects_business_intelligence_platform:enterprise_430:::::::*
	cpe:2.3:a:sap:business_objects_business_intelligence_platform:enterprise_440:::::::*

History

12 Sep 2024, 13:56

Type	Values Removed	Values Added
References	~~() https://me.sap.com/notes/3479478 -~~	() https://me.sap.com/notes/3479478 - Permissions Required
References	~~() https://url.sap/sapsecuritypatchday -~~	() https://url.sap/sapsecuritypatchday - Vendor Advisory
CPE		cpe:2.3:a:sap:business_objects_business_intelligence_platform:enterprise_430:::::::* cpe:2.3:a:sap:business_objects_business_intelligence_platform:enterprise_440:::::::*
First Time		Sap business Objects Business Intelligence Platform Sap

13 Aug 2024, 12:58

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-13 04:15

Updated : 2024-09-12 13:56

NVD link : CVE-2024-41730

Mitre link : CVE-2024-41730

CVE.ORG link : CVE-2024-41730

JSON object : View

Products Affected

business_objects_business_intelligence_platform

CWE

CWE-862

Missing Authorization

{"id": "CVE-2024-41730", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-08-13T04:15:08.050", "references": [{"url": "https://me.sap.com/notes/3479478", "tags": ["Permissions Required"], "source": "[email protected]"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "In SAP BusinessObjects Business Intelligence\nPlatform, if Single Signed On is enabled on Enterprise authentication, an\nunauthorized user can get a logon token using a REST endpoint. The attacker can\nfully compromise the system resulting in High impact on confidentiality,\nintegrity and availability."}, {"lang": "es", "value": "En la plataforma SAP BusinessObjects Business Intelligence, si el inicio de sesi\u00f3n \u00fanico est\u00e1 habilitado en la autenticaci\u00f3n empresarial, un usuario no autorizado puede obtener un token de inicio de sesi\u00f3n mediante un endpoint REST. El atacante puede comprometer completamente el sistema, lo que tendr\u00e1 un alto impacto en la confidencialidad, la integridad y la disponibilidad."}], "lastModified": "2024-09-12T13:56:51.237", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:business_objects_business_intelligence_platform:enterprise_430:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0764428E-CA9F-4BEF-90A9-E81D21398B91"}, {"criteria": "cpe:2.3:a:sap:business_objects_business_intelligence_platform:enterprise_440:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C464A193-F7CE-49A3-9B9D-17C1EA8E08AF"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}