Two critical vulnerabilities
Of the two critical vulnerabilities addressed in the patch day release, the more severe is an authentication bypass flaw (CVE-2024-41730) with a CVSS score of 9.8/10 affecting SAP's BusinessObjects business intelligence platform; the other is a server-side request forgery (SSRF) vulnerability in applications built with SAP Build Apps.
CVE-2024-41730, as described by SAP, stems from a missing authentication check in the SAP BusinessObjects business intelligence platform. "In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint," the ERP vendor said in a security advisory.
An attacker could fully compromise the system, resulting in a high impact on confidentiality, integrity, and availability, SAP added.
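The advisory gives no internal detail, so the following is an added, generic illustration of the bug class (a missing authentication check on a REST endpoint that issues logon tokens when SSO is enabled), written for this article and not SAP's code. The header name, the `user|signature` assertion format, the HMAC keys and the user names are all constructed for the example; the point is the contrast between an endpoint that copies the identity out of an SSO assertion and one that verifies the assertion before minting a token.

```python
import hashlib
import hmac
import secrets
import time

# Constructed keys for this example; a real deployment would hold these in a keystore.
IDP_KEY = secrets.token_bytes(32)    # key the SSO identity provider signs assertions with
TOKEN_KEY = secrets.token_bytes(32)  # key the platform signs its own logon tokens with


def idp_sign_assertion(user: str) -> str:
    """Stand-in for the identity provider: returns 'user|signature' (hypothetical format)."""
    sig = hmac.new(IDP_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}|{sig}"


def verify_assertion(assertion: str):
    """Return the asserted user only if the IdP signature checks out, otherwise None."""
    try:
        user, sig = assertion.split("|", 1)
    except ValueError:
        return None
    expected = hmac.new(IDP_KEY, user.encode(), hashlib.sha256).hexdigest()
    return user if hmac.compare_digest(sig, expected) else None


def mint_logon_token(user: str) -> str:
    """Issue a platform logon token bound to the given user (hypothetical format)."""
    issued = str(int(time.time()))
    mac = hmac.new(TOKEN_KEY, f"{user}|{issued}".encode(), hashlib.sha256).hexdigest()
    return f"{user}|{issued}|{mac}"


def logon_token_missing_check(headers: dict, sso_enabled: bool):
    """Vulnerable pattern: with SSO enabled, the endpoint takes the user name out of the
    assertion header and issues a token without ever verifying the assertion."""
    if not sso_enabled:
        return 401, None
    assertion = headers.get("X-SSO-Assertion", "")
    user = assertion.split("|", 1)[0]   # identity is trusted as supplied by the client
    if not user:
        return 401, None
    return 200, mint_logon_token(user)


def logon_token_hardened(headers: dict, sso_enabled: bool):
    """Hardened pattern: the assertion must validate against the IdP key before any
    token is issued; an unsigned or mis-signed assertion yields 401, not a token."""
    if not sso_enabled:
        return 401, None
    user = verify_assertion(headers.get("X-SSO-Assertion", ""))
    if user is None:
        return 401, None
    return 200, mint_logon_token(user)


def demo() -> dict:
    """Run both endpoints against a genuine assertion and an unsigned one; returns status codes."""
    unsigned = {"X-SSO-Assertion": "Administrator|0000"}       # constructed, not IdP-signed
    genuine = {"X-SSO-Assertion": idp_sign_assertion("alice")}  # constructed, IdP-signed
    return {
        "vuln_unsigned": logon_token_missing_check(unsigned, True)[0],
        "vuln_genuine": logon_token_missing_check(genuine, True)[0],
        "hard_unsigned": logon_token_hardened(unsigned, True)[0],
        "hard_genuine": logon_token_hardened(genuine, True)[0],
        "hard_sso_off": logon_token_hardened(genuine, False)[0],
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable handler returns 200 and a token for the unsigned "Administrator" assertion; the hardened one returns 401 for it and still serves the genuine assertion. From a detection standpoint, the same contrast suggests what to log: every token issuance should record which assertion was validated and by which key, so that tokens minted without a verified principal stand out during review.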