← voltar
CVE-2024-28166

Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform

CVSS 3.7 LOWEPSS 0.3%CWE-434
Vexday Risk Score
8Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 3.7EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
13 ago 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Produtos afetados
SAP_SE · SAP BusinessObjects Business Intelligence Platform

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://me.sap.com/notes/3433545https://me.sap.com/notes/3515653https://url.sap/sapsecuritypatchday