CVE-2023-42472

Name of the Vulnerable Software and Affected Versions SAP BusinessObjects Business Intelligence Platform version 420

Description The issue is related to insufficient file type validation in the SAP BusinessObjects Business Intelligence Platform, specifically in the Web Intelligence HTML interface. This allows a report creator to upload files from their local system into the report over the network. An authenticated attacker could intercept the request, modify the content type and the extension to read and modify sensitive data, causing a high impact on the confidentiality and integrity of the application.

Recommendations For version 420, consider restricting file uploads to only necessary file types to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the file upload feature in the Web Intelligence HTML interface until a fix is provided. Restrict access to sensitive data within the application to minimize the potential impact of this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.