Products
SAP BusinessObjects Business Intelligence Platform
Source
cna@sap.com
Tags
CVE-2024-45281 details
Published : Sept. 10, 2024, 5:15 a.m.
Last Modified : Sept. 10, 2024, 12:09 p.m.
Last Modified : Sept. 10, 2024, 12:09 p.m.
Description
SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. The attacker needs to have local access to the vulnerable system to perform DLL related tasks. This could result in a high impact on confidentiality and integrity of the application.
CVSS Score
1 | 2 | 3 | 4 | 5.8 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-426 | Untrusted Search Path | The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
5.8
Exploitability Score
0.6
Impact Score
5.2
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
References
URL | Source |
---|---|
https://me.sap.com/notes/3425287 | cna@sap.com |
https://url.sap/sapsecuritypatchday | cna@sap.com |
This website uses the NVD API, but is not approved or certified by it.