CVE-2024-34684
LOWSAP BusinessObjects Business Intelligence Platform - Authenticated Local Account Password Exposure
Title source: llmDescription
On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read or modify the remote server files.
References (2)
Core 2
Core References
Permissions Required
https://me.sap.com/notes/3441817
Patch, Vendor Advisory
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html
Scores
CVSS v3
3.7
EPSS
0.0011
EPSS Percentile
28.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (3)
sap/businessobjects_business_intelligence_platform
420
sap/businessobjects_business_intelligence_platform
430
sap/businessobjects_business_intelligence_platform
440
Published
Jun 11, 2024
Tracked Since
Feb 18, 2026