CVE-2024-28166: Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform

3.7 CVSS

Description

SAP BusinessObjects Business Intelligence
Platform allows an authenticated attacker to upload malicious code over the
network, that could be executed by the application. On successful
exploitation, the attacker can cause a low impact on the Integrity of the
application.

Classification

CVE ID: CVE-2024-28166

CVSS Base Severity: LOW

CVSS Base Score: 3.7

Affected Products

Vendor: SAP_SE

Product: SAP BusinessObjects Business Intelligence Platform

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 24.01% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://me.sap.com/notes/3433545
https://me.sap.com/notes/3515653
https://url.sap/sapsecuritypatchday

Timeline

2024-12-11 00:30:52 UTC
CVE

Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform