Two critical vulnerabilities
Of the two critical vulnerabilities addressed on the patch day, the more severe is an authentication bypass flaw (CVE-2024-41730) with a CVSS score of 9.8/10 affecting SAP's BusinessObjects business intelligence platform, while the other is a server-side request forgery (SSRF) vulnerability in applications built with SAP Build Apps.
CVE-2024-41730, as described by SAP, stems from a missing authentication check in the SAP BusinessObjects business intelligence platform. "In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint," the ERP vendor said in a security advisory.
The attacker can fully compromise the system, resulting in a high impact on confidentiality, integrity, and availability, SAP added.
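The advisory describes the general pattern of a token-issuing REST endpoint that skips its own authentication check once SSO is switched on. The following Python sketch, added here as an illustration and not SAP's code or any real BusinessObjects endpoint, shows that pattern beside its hardened form: the vulnerable handler mints a logon token for whatever user name the client claims, while the fixed handler only mints one for a principal the server itself verified. All names (LogonRequest, issue_logon_token_vulnerable, issue_logon_token_fixed, the HMAC-based assertion and token formats, SERVER_SECRET) are assumptions made for this example.

```python
"""
Added illustration (not SAP's code): a token-issuing REST endpoint that
trusts an "SSO enabled" flag instead of verifying the caller, beside the
hardened version that binds the token to a server-verified principal.
LogonRequest, the assertion/token formats and SERVER_SECRET are constructed
for this example only.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Constructed server-side secret used to sign assertions and tokens (example only).
SERVER_SECRET = b"example-only-secret-do-not-reuse"


@dataclass
class LogonRequest:
    """Minimal model of an HTTP request to the hypothetical token endpoint."""
    claimed_user: str                        # user name supplied in the request body
    sso_assertion: Optional[str] = None      # identity assertion from the SSO provider, if any
    headers: dict = field(default_factory=dict)


def make_assertion(name: str) -> str:
    """What a legitimate SSO provider would hand out in this toy scheme:
    'user:<name>:<hmac-sha256(name)>'."""
    tag = hmac.new(SERVER_SECRET, name.encode(), hashlib.sha256).hexdigest()
    return f"user:{name}:{tag}"


def verify_sso_assertion(assertion: Optional[str]) -> Optional[str]:
    """Stand-in for real SSO validation: returns the verified user name, or None
    when the assertion is absent, malformed, or carries a bad signature."""
    if not assertion:
        return None
    parts = assertion.split(":")
    if len(parts) != 3 or parts[0] != "user":
        return None
    name, tag = parts[1], parts[2]
    expected = hmac.new(SERVER_SECRET, name.encode(), hashlib.sha256).hexdigest()
    return name if hmac.compare_digest(tag, expected) else None


def mint_token(user: str) -> str:
    """Issue a logon token bound to a user: '<user>.<nonce>.<hmac-tag>' (example format)."""
    nonce = secrets.token_hex(8)
    tag = hmac.new(SERVER_SECRET, f"{user}.{nonce}".encode(), hashlib.sha256).hexdigest()[:16]
    return f"{user}.{nonce}.{tag}"


def issue_logon_token_vulnerable(req: LogonRequest, sso_enabled: bool) -> Optional[str]:
    """Missing authentication check: with SSO enabled the endpoint assumes the
    front end already authenticated the caller and mints a token for the
    user name the request merely claims."""
    if sso_enabled:
        return mint_token(req.claimed_user)
    # Non-SSO path would run a credential check (not shown); deny here.
    return None


def issue_logon_token_fixed(req: LogonRequest, sso_enabled: bool) -> Optional[str]:
    """Hardened version: the endpoint verifies the SSO assertion itself and binds
    the token to that verified identity, ignoring the client-supplied claim."""
    if not sso_enabled:
        return None
    verified_user = verify_sso_assertion(req.sso_assertion)
    if verified_user is None:
        return None                      # unauthenticated caller: no token
    return mint_token(verified_user)     # never req.claimed_user


if __name__ == "__main__":
    anonymous = LogonRequest(claimed_user="Administrator")
    print("vulnerable, anonymous:", issue_logon_token_vulnerable(anonymous, sso_enabled=True))
    print("fixed, anonymous:     ", issue_logon_token_fixed(anonymous, sso_enabled=True))
    legit = LogonRequest(claimed_user="alice", sso_assertion=make_assertion("alice"))
    print("fixed, asserted:      ", issue_logon_token_fixed(legit, sso_enabled=True))
```

The design point is that the fix is not "check a flag harder" but "derive the principal from something the server verified": the hardened handler also ignores `claimed_user` entirely, so a mismatch between the claim and the assertion cannot be used to escalate.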