CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45281 – DLL hijacking vulnerability in SAP BusinessObjects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2024-45281
SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. The attacker needs to have local access to the vulnerable system to perform DLL related tasks. This could result in a high impact on confidentiality and integrity of the application. • https://me.sap.com/notes/3425287 https://url.sap/sapsecuritypatchday • CWE-426: Untrusted Search Path •
CVSS: 3.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-41731 – Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2024-41731
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. • https://me.sap.com/notes/3433545 https://url.sap/sapsecuritypatchday • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 3.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-28166 – Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2024-28166
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. • https://me.sap.com/notes/3433545 https://url.sap/sapsecuritypatchday • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-42375 – Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2024-42375
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. • https://me.sap.com/notes/3433545 https://url.sap/sapsecuritypatchday • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41730 – Missing Authentication check in SAP BusinessObjects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2024-41730
In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. The attacker can fully compromise the system resulting in High impact on confidentiality, integrity and availability. • https://me.sap.com/notes/3479478 https://url.sap/sapsecuritypatchday • CWE-862: Missing Authorization •