Description
SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. The attacker needs to have local access to the vulnerable system to perform DLL related tasks. This could result in a high impact on confidentiality and integrity of the application.
References (2)
Core 2
Core References
Permissions Required
https://me.sap.com/notes/3425287
Scores
CVSS v3
5.8
EPSS
0.0016
EPSS Percentile
6.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-426
Status
published
Products (1)
sap/businessobjects_business_intelligence_platform
430
Published
Sep 10, 2024
Tracked Since
Feb 18, 2026