CVE-2024-28166

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-28166
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application.

4.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://me.sap.com/notes/3433545 Permissions Required
https://me.sap.com/notes/3515653
https://url.sap/sapsecuritypatchday Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:business_objects_business_intelligence_platform:430:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_objects_business_intelligence_platform:enterprise_420:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_objects_business_intelligence_platform:440:*:*:*:*:*:*:*
History

10 Dec 2024, 07:15

Type Values Removed Values Added
References
  • () https://me.sap.com/notes/3515653 -
CWE CWE-434

16 Sep 2024, 16:17

Type Values Removed Values Added
CPE cpe:2.3:a:sap:business_objects_business_intelligence_platform:enterprise_420:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_objects_business_intelligence_platform:430:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_objects_business_intelligence_platform:440:*:*:*:*:*:*:*
References () https://me.sap.com/notes/3433545 - () https://me.sap.com/notes/3433545 - Permissions Required
References () https://url.sap/sapsecuritypatchday - () https://url.sap/sapsecuritypatchday - Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.3
First Time Sap
Sap business Objects Business Intelligence Platform

13 Aug 2024, 04:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-13 04:15

Updated : 2024-12-10 07:15

NVD link : CVE-2024-28166

Mitre link : CVE-2024-28166

JSON object : View

Products Affected

sap

  • business_objects_business_intelligence_platform
CWE

No CWE.