CVE-2024-25646
Information Disclosure vulnerability in SAP BusinessObjects Web Intelligence
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using crafted document. On successful exploitation there could be a considerable impact on confidentiality of the application.
Debido a una validación incorrecta, SAP BusinessObject Business Intelligence Launch Pad permite que un atacante autenticado acceda a información del sistema operativo mediante un documento manipulado. Una explotación exitosa podría tener un impacto considerable en la confidencialidad de la solicitud.
Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using crafted document. On successful exploitation there could be a considerable impact on confidentiality of the application.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-09 CVE Reserved
- 2024-04-09 CVE Published
- 2024-04-09 EPSS Updated
- 2024-09-28 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://me.sap.com/notes/3421384 | ||
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
SAP SE Search vendor "SAP SE" | SAP BusinessObjects Web Intelligence Search vendor "SAP SE" for product "SAP BusinessObjects Web Intelligence" | 420 Search vendor "SAP SE" for product "SAP BusinessObjects Web Intelligence" and version "420" | en |
Affected
| ||||||
SAP SE Search vendor "SAP SE" | SAP BusinessObjects Web Intelligence Search vendor "SAP SE" for product "SAP BusinessObjects Web Intelligence" | 430 Search vendor "SAP SE" for product "SAP BusinessObjects Web Intelligence" and version "430" | en |
Affected
| ||||||
SAP SE Search vendor "SAP SE" | SAP BusinessObjects Web Intelligence Search vendor "SAP SE" for product "SAP BusinessObjects Web Intelligence" | 440 Search vendor "SAP SE" for product "SAP BusinessObjects Web Intelligence" and version "440" | en |
Affected
|