HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2024-37179

CVSS 7.7v3.1pub. 2024-10-08upd. 2024-11-14

SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  • Sap Businessobjects Business Intelligence

    APP
    Sap
    2025420430
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2023-40622CRITICAL9.9ten sam produkt

SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain c...

CVE-2023-28762CRITICAL9.1ten sam produkt

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with ...

CVE-2023-28765CRITICAL9.8ten sam produkt

An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management)...

CVE-2018-2445CRITICAL9.6ten sam produkt

AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate t...

CVE-2025-23192HIGH8.2ten sam produkt

SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store...