← back
CVE-2024-41731

Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform

CVSS 3.1 LOWEPSS 0.4%CWE-434
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 3.1EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
13 Aug 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected products
SAP_SE · SAP BusinessObjects Business Intelligence Platform

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://me.sap.com/notes/3433545https://me.sap.com/notes/3515653https://url.sap/sapsecuritypatchday