Alert

Alert 2024-22 Critical Authentication Vulnerability in SAP Platform

Affected Product(s):

  • BusinessObjects Business Intelligence versions 430 and 440

Description:

SAP has released its August 2024 security patch package, addressing 17 vulnerabilities, including a critical missing authentication check that could allow remote attackers to fully compromise the system.

Among the most significant vulnerabilities is CVE-2024-41730, rated 9.8 on the CVSS v3.1 scale. This “missing authentication check” flaw affects versions 430 and 440 of the SAP BusinessObjects Business Intelligence Platform and is exploitable under certain conditions.

In the SAP BusinessObjects Business Intelligence Platform, if Single Sign-On (SSO) is enabled in business authentication, an unauthorized user could obtain a login token through a REST endpoint. This would allow the attacker to fully compromise the system, severely impacting the confidentiality, integrity, and availability of business intelligence data and services.

Currently, this vulnerability is under analysis, and not all information is available.

Solution:

Patches are available for the following versions:

  • SBOP BI 4.3 Servers – Patch Level SP005
  • SBOP BI 2025 Servers – Patch Level SP00
  • SBOP BI 4.3 Servers – Patch Level SP004