PT-2024-5562 · Sap · Sap Businessobjects Business Intelligence Platform
Published 2024-08-12 · Updated 2025-09-22 · CVE-2024-41730
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SAP BusinessObjects Business Intelligence Platform versions 4.30 and 4.40
The issue involves a missing authentication check in the SAP BusinessObjects Business Intelligence Platform when Single Sign-On is enabled on Enterprise authentication. An unauthorized user can obtain a logon token by accessing a REST endpoint. Successful exploitation allows an attacker to fully compromise the system, impacting confidentiality, integrity, and availability.
Recommendations:
Apply the security note 3479478.
Update to the latest security patch package released in August 2024.
Update to the latest security patch package released in October 2024.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Sap Businessobjects Business Intelligence Platform