← Zuruck zu CVEs
CVE-2024-41730
CRITICAL9.8
Beschreibung
In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. The attacker can fully compromise the system resulting in High impact on confidentiality, integrity and availability.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht8/13/2024
Zuletzt geandert9/12/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
sap:business_objects_business_intelligence_platform
Schwachen (CWE)
CWE-862
Referenzen
https://me.sap.com/notes/3479478(cna@sap.com)
https://url.sap/sapsecuritypatchday(cna@sap.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.