This critical security flaw allows SAP users to bypass authentication

SAP has fixed more than a dozen security vulnerabilities, including two critical ones, that could allow attackers to take full control of an affected system.

In a security advisory, SAP has detailed the “missing authentication check” vulnerability that affects SAP BusinessObjects Business Intelligence Platform versions 430 and 440. The bug is tracked as CVE-2024-41730 and has a severity rating of 9.8 (critical).

“In SAP BusinessObjects Business Intelligence Platform, if Single Sign On is enabled on Enterprise Authentication, an unauthorized user can obtain a logon token using a REST endpoint,” SAP explained in the advisory. “The attacker can completely compromise the system, resulting in a major impact on confidentiality, integrity, and availability.”

Server-side request forgeries and more

The second critical vulnerability is a server-side request forgery (SSRF) flaw that affects apps built with SAP Build Apps before version 4.11.130. Tracked as CVE-2024-29415 with a severity score of 9.1, the bug stems from an incomplete fix for an earlier vulnerability. It lies in the ‘ip’ package for Node.js, in the routine that decides whether an IP address is public: when the loopback address 127.0.0.1 is written in a non-canonical form such as octal notation, the package wrongly classifies it as public and globally routable, so a check meant to stop a server from making requests to internal addresses can be bypassed.
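The following is an added illustration of that failure mode, written for this article; it is not code from SAP, from the ‘ip’ package or from the advisory. The naive check is an assumed, simplified stand-in for the flawed pattern (match the canonical dotted-decimal private ranges, treat everything else as public). The hardened check first canonicalizes the literal the way an inet_aton-style socket layer reads it (1 to 4 parts, decimal, octal with a leading 0, or hex with 0x) and only then compares ranges numerically. The probe inputs are constructed; every one of them reaches 127.0.0.1 when handed to the OS.

```javascript
// Added example (not the ip package's own code): why "is this address public?"
// checks fail on non-canonical IPv4 literals, and one way to harden them.

// Naive check, modelled on the flawed pattern (assumed, simplified logic):
// string-match only the canonical dotted-decimal private/loopback ranges and
// treat anything that does not match as public.
function isPublicNaive(addr) {
  const privateOrLocal = [
    /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/,           // loopback
    /^10\.\d{1,3}\.\d{1,3}\.\d{1,3}$/,            // RFC 1918
    /^172\.(1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}$/,
    /^192\.168\.\d{1,3}\.\d{1,3}$/,
    /^169\.254\.\d{1,3}\.\d{1,3}$/,               // link-local
    /^0\.\d{1,3}\.\d{1,3}\.\d{1,3}$/,
  ];
  return !privateOrLocal.some((re) => re.test(addr));
}

// How an inet_aton-style socket layer actually reads an IPv4 literal:
// 1 to 4 dot-separated parts, each decimal, octal (leading 0) or hex (0x),
// with the last part filling all remaining bytes. Returns the canonical
// dotted-decimal form, or null if the literal is not a valid IPv4 address.
function canonicalizeIPv4(literal) {
  const parts = literal.split('.');
  if (parts.length < 1 || parts.length > 4) return null;
  const values = [];
  for (const p of parts) {
    let v;
    if (/^0x[0-9a-f]+$/i.test(p)) v = parseInt(p.slice(2), 16);   // "0x7f" -> 127
    else if (/^0[0-7]*$/.test(p)) v = parseInt(p, 8);              // "0177" -> 127
    else if (/^[1-9]\d*$/.test(p)) v = parseInt(p, 10);
    else return null;                                              // "08", "", "abc"
    values.push(v);
  }
  // Every part but the last must fit in one byte; the last fills the rest.
  const lastWidth = 4 - (values.length - 1);
  for (let i = 0; i < values.length - 1; i++) if (values[i] > 255) return null;
  const last = values[values.length - 1];
  if (last >= 2 ** (8 * lastWidth)) return null;
  let n = 0;
  for (let i = 0; i < values.length - 1; i++) n = n * 256 + values[i];
  n = n * 256 ** lastWidth + last;
  return [(n >>> 24) & 255, (n >>> 16) & 255, (n >>> 8) & 255, n & 255].join('.');
}

// Hardened check: canonicalize first, then compare numerically against the
// non-public ranges. Anything that is not a valid IPv4 literal is rejected
// (returns false) instead of defaulting to "public".
function isPublicHardened(addr) {
  const canon = canonicalizeIPv4(addr);
  if (canon === null) return false;
  const [a, b] = canon.split('.').map(Number);
  if (a === 0 || a === 10 || a === 127) return false;   // this-net, RFC 1918, loopback
  if (a === 169 && b === 254) return false;             // link-local
  if (a === 172 && b >= 16 && b <= 31) return false;    // RFC 1918
  if (a === 192 && b === 168) return false;             // RFC 1918
  if (a === 100 && b >= 64 && b <= 127) return false;   // CGNAT 100.64/10
  if (a >= 224) return false;                           // multicast / reserved
  return true;
}

// Constructed probe inputs: each one reaches 127.0.0.1 when handed to the OS,
// but only the first is caught by the naive check.
const probes = ['127.0.0.1', '0177.0.0.1', '127.1', '0x7f.1', '2130706433'];

function demo() {
  return probes.map((p) => ({
    literal: p,
    canonical: canonicalizeIPv4(p),
    naiveSaysPublic: isPublicNaive(p),
    hardenedSaysPublic: isPublicHardened(p),
  }));
}

console.table(demo());
```

Canonicalizing the literal is only half of an SSRF defence: a hostname must still be resolved and every resolved address checked the same way, and the check has to be repeated on each redirect the request follows, otherwise a DNS answer or a 302 can point the server back at loopback after the first check passed.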

SAP is the world’s largest ERP vendor, with products used by over 90% of the Forbes Global 2000 list. As a result, cybercriminals will likely be looking for unpatched systems as a way into the IT networks of some of the world’s biggest brands.

In addition to these two, SAP has fixed four other high-severity vulnerabilities, with scores ranging from 7.4 to 8.2. These include an XML injection issue in the SAP BEx Web Java Runtime Export Web Service, a bug in SAP S/4HANA, one in SAP NetWeaver AS Java and one in SAP Commerce Cloud.

Via BleepingComputer

More from Ny Breaking
