PT-2024-2972 · Sap · Sap Businessobject Business Intelligence Launch Pad
Published
2024-04-08
·
Updated
2025-10-29
·
CVE-2024-25646
CVSS v3.1
7.7
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SAP BusinessObject Business Intelligence Launch Pad (affected versions not specified)
Description
The issue is related to improper validation in SAP BusinessObject Business Intelligence Launch Pad, allowing an authenticated attacker to access operating system information using a crafted document. This could have a considerable impact on the confidentiality of the application. The vulnerability is also associated with a lack of protection for service data, which could enable a remote attacker to gain unauthorized access to protected information.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sap Businessobject Business Intelligence Launch Pad