CVE-2024-25646
CVE-2024-25646 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using a crafted document. On successful exploitation there could be a considerable impact on confidentiality of the application. EPSS estimates a 0.42% chance of exploitation in the next 30 days.
Description
Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using a crafted document. On successful exploitation there could be a considerable impact on confidentiality of the application.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| SAP | BusinessObjects Web Intelligence | 420 |
| SAP | BusinessObjects Web Intelligence | 430 |
| SAP | BusinessObjects Web Intelligence | 440 |
References
- https://me.sap.com/notes/3421384 (Permissions Required)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
