CVE-2024-28166
Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform
Severity Score
3.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
SAP BusinessObjects Business Intelligence
Platform allows an authenticated attacker to upload malicious code over the
network, that could be executed by the application. On successful
exploitation, the attacker can cause a low impact on the Integrity of the
application.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-03-06 CVE Reserved
- 2024-08-13 CVE Published
- 2024-08-13 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (2)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| SAP SE Search vendor "SAP SE" | SAP BusinessObjects Business Intelligence Platform Search vendor "SAP SE" for product "SAP BusinessObjects Business Intelligence Platform" | 420 Search vendor "SAP SE" for product "SAP BusinessObjects Business Intelligence Platform" and version "420" | en |
Affected
| ||||||
| SAP SE Search vendor "SAP SE" | SAP BusinessObjects Business Intelligence Platform Search vendor "SAP SE" for product "SAP BusinessObjects Business Intelligence Platform" | 430 Search vendor "SAP SE" for product "SAP BusinessObjects Business Intelligence Platform" and version "430" | en |
Affected
| ||||||
| SAP SE Search vendor "SAP SE" | SAP BusinessObjects Business Intelligence Platform Search vendor "SAP SE" for product "SAP BusinessObjects Business Intelligence Platform" | 440 Search vendor "SAP SE" for product "SAP BusinessObjects Business Intelligence Platform" and version "440" | en |
Affected
| ||||||