CVE Database · CVE-2024-37179
CVSS v3.1
7.7
EPSS
0.43%
Published
Oct 8, 2024
Modified
Nov 14, 2024
Public PoC / Exploit (1)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NWeaknesses (CWE)
Affected Products (3)
References (2)