Patchday: Attackers can compromise SAP BusinessObjects
Among other things, the SAP developers have closed critical security gaps in their enterprise software.
Various SAP software products are vulnerable. After successful attacks, attackers can, for example, access services without logging in or view data that should be protected.
Patch now!
In an article on the August Patchday, the developers warn, among other things, of two "critical" vulnerabilities in SAP BusinessObjects Business Intelligence Platform (CVE-2024-41730) and SAP Build Apps (CVE-2024-29415). If single sign-on is enabled for BusinessObjects Business Intelligence Platform, an attacker can obtain a log-in token via a REST endpoint. This could lead to complete compromise.
Other vulnerabilities are classified with a "high" threat level. Attackers can exploit these for data leaks, among other things (CVE-2024-33003). To protect companies from attacks, admins should install the versions secured against the described attacks as soon as possible. So far, there have been no reports of attacks already in progress.
(des)