SAP patches critical bugs allowing full system compromise

Two critical vulnerabilities

Of the two critical vulnerabilities addressed in the patch day, the more severe is an authentication bypass flaw (CVE-2024-41730) with a CVSS rating of 9.8/10 affecting SAP’s BusinessObjects Business Intelligence platform, while the other is a server-side request forgery (SSRF) vulnerability in applications built with SAP Build Apps.

CVE-2024-41730, as described by SAP, stems from a missing authentication check in the SAP BusinessObjects Business Intelligence platform. “In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token utilizing a REST endpoint,” the ERP vendor said in a security advisory.

The attacker can fully compromise the system, resulting in a high impact on confidentiality, integrity, and availability, SAP added.
