CVE-2024-25646

Published: Apr 9, 2024Modified: Oct 29, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using crafted document. On successful exploitation there could be a considerable impact on confidentiality of the application.

Affected (3)

Products: Sap: Businessobjects Web Intelligence

1 product

Businessobjects Web Intelligence

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Sap Businessobjects Web Intelligence	Version 420
Sap Businessobjects Web Intelligence	Version 430
Sap Businessobjects Web Intelligence	Version 440

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

https://me.sap.com/notes/3421384

Source: cna@sap.com

Permissions Required

https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364

Source: cna@sap.com

Patch

https://me.sap.com/notes/3421384

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.