SAP has fixed more than a dozen security vulnerabilities, including two critical ones that could have allowed threat actors to take complete control of a vulnerable endpoint.
In a security advisory, SAP detailed the “missing authentication check” vulnerability that affects SAP BusinessObjects Business Intelligence platform versions 430 and 440. The bug is tracked as CVE-2024-41730 and has a severity level of 9.8 (critical).
“In SAP BusinessObjects Business Intelligence Platform, if single sign-on is enabled in enterprise authentication, an unauthorized user can obtain a login token through a REST endpoint,” SAP explained in the alert. “The attacker can completely compromise the system, resulting in significant impact to confidentiality, integrity, and availability.”
Server-side request forgery and more
The second critical vulnerability is a Server-Side Request Forgery (SSRF) bug that affects apps built with SAP Build Apps prior to version 4.11.130. It was introduced by a fix for a previous vulnerability, is tracked as CVE-2024-29415, and has a severity of 9.1. The bug lies in the “IP” package for Node.js, in the logic that decides whether an IP address is public. When the loopback address “127.0.0.1” is written in octal notation, the package incorrectly classifies it as a public, globally routable address.
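The octal flaw described above comes down to classifying an address by its string form rather than its numeric value. The following JavaScript is an added example, not SAP's or the “IP” package's own code: it parses an IPv4 string the way inet_aton does (decimal, leading-zero octal and 0x hex parts, fewer than four parts allowed) and only then checks the resulting number against non-routable ranges, so “0177.0.0.1”, “0x7f.0.0.1” and “127.0.0.1” are all treated as loopback. Function names are mine; the blocked ranges are the standard IANA special-purpose IPv4 blocks.

```javascript
// Parse one dotted part as inet_aton does: 0x.. hex, 0.. octal, else decimal.
function parseIPv4Part(part) {
  let m;
  if ((m = /^0[xX]([0-9a-fA-F]+)$/.exec(part))) return parseInt(m[1], 16);
  if ((m = /^0([0-7]+)$/.exec(part))) return parseInt(m[1], 8);
  if (/^(0|[1-9][0-9]*)$/.test(part)) return parseInt(part, 10);
  return NaN; // e.g. "08" is neither valid octal nor decimal
}

// Convert "a.b.c.d", "a.b.c", "a.b" or "a" to a 32-bit number, or null if invalid.
function ipv4ToInt(str) {
  const parts = str.split('.');
  if (parts.length < 1 || parts.length > 4) return null;
  const nums = parts.map(parseIPv4Part);
  if (nums.some(Number.isNaN)) return null;
  const last = nums.pop();                 // last part fills the remaining bytes
  if (nums.some((n) => n > 255)) return null;
  const remainingBytes = 4 - nums.length;
  if (last >= 2 ** (8 * remainingBytes)) return null;
  let value = 0;
  for (const n of nums) value = value * 256 + n;
  return value * 2 ** (8 * remainingBytes) + last;
}

// Loopback, private, link-local, CGNAT, multicast and reserved blocks.
const NON_ROUTABLE = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
  ['224.0.0.0', 4], ['240.0.0.0', 4],
].map(([base, bits]) => [ipv4ToInt(base), bits]);

function inCidr(addr, base, bits) {
  const shift = 2 ** (32 - bits);
  return Math.floor(addr / shift) === Math.floor(base / shift);
}

// Decide on the numeric address, not the string; unparseable input fails closed.
function isPublicIPv4(str) {
  const addr = ipv4ToInt(str);
  if (addr === null) return false;
  return !NON_ROUTABLE.some(([base, bits]) => inCidr(addr, base, bits));
}
```

A string-based check such as a regular expression anchored on `^127\.` would accept the octal spelling; normalising first removes that gap.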
SAP is the world’s largest ERP vendor, with more than 90% of the Forbes Global 2000 list companies using its products. Cybercriminals will therefore most likely look for endpoints that do not have the patch installed, thus finding a way into the IT networks of some of the world’s most prominent brands.
In addition, SAP has fixed four other high-severity vulnerabilities with scores ranging from 7.4 to 8.2. These include an XML injection issue in SAP BEx Web Java Runtime Export Web Service, and one vulnerability each in SAP S/4 HANA, SAP NetWeaver AS Java, and SAP Commerce Cloud.