{"id":7615,"date":"2024-10-10T10:35:18","date_gmt":"2024-10-10T16:35:18","guid":{"rendered":"https:\/\/beaconlab.mx\/?post_type=publicacion&#038;p=6279"},"modified":"2024-10-21T16:40:37","modified_gmt":"2024-10-21T21:40:37","slug":"2024-48-vulnerabilidad-critica-de-ejecucion-remota-de-codigo-en-sap-business-intelligence-platform","status":"publish","type":"publicacion","link":"https:\/\/beaconlab.us\/es\/publicacion\/2024-48-vulnerabilidad-critica-de-ejecucion-remota-de-codigo-en-sap-business-intelligence-platform\/","title":{"rendered":"Alert 2024-48 Critical Remote Code Execution Vulnerability in SAP Business Intelligence Platform"},"content":{"rendered":"<p>This month, SAP fixed a critical vulnerability in its BusinessObjects platform, identified as CVE-2024-41730. The vulnerability affects SAP BusinessObjects Business Intelligence Platform, allowing an unauthenticated attacker to carry out untrusted-data deserialization attacks. This vulnerability is particularly dangerous because it can lead to remote code execution (RCE) on the affected server, compromising the confidentiality, integrity and availability of the critical information handled on the platform.<\/p>\n<p>The vulnerability has a CVSS score of 9.8, which classifies it as critical, and affects versions SAP BusinessObjects BI Platform 420 and 430. To exploit this flaw, attackers can send a malicious request to the server, which could allow them to execute arbitrary code and take control of the sys<\/p>\n<p>To remediate vulnerability <b>CVE-2024-41730<\/b> in <b>SAP BusinessObjects Business Intelligence Platform<\/b>, SAP has released security patches that must be applied to the affected versions. The patches are available on the <b>SAP Support Portal<\/b>, where they can be downloaded and deployed following the update guides provided by SAP at the following link:<\/p>\n<p><a href=\"https:\/\/support.sap.com\/en\/my-support\/knowledge-base\/security-notes-news\/october-2024.html\">SAP Security Patch Day \u2013 October 2024<\/a><\/p>\n","protected":false},"featured_media":7635,"template":"","class_list":["post-7615","publicacion","type-publicacion","status-publish","has-post-thumbnail","hentry"],"acf":{"activar_pdf_link":true,"pdf":7990,"numero_de_boletin":"","traffic_light_protocol":"Amber"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/publicacion\/7615","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/publicacion"}],"about":[{"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/types\/publicacion"}],"version-history":[{"count":1,"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/publicacion\/7615\/revisions"}],"predecessor-version":[{"id":7804,"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/publicacion\/7615\/revisions\/7804"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/media\/7635"}],"wp:attachment":[{"href":"https:\/\/beaconlab.us\/es\/wp-json\/wp\/v2\/media?parent=7615"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}