SAP has patched more than a dozen security vulnerabilities, including two of critical severity that could allow threat actors to take full control of a vulnerable system.
In a security advisory, SAP detailed a “missing authentication check” vulnerability affecting SAP BusinessObjects Business Intelligence Platform versions 430 and 440. The bug is tracked as CVE-2024-41730 and has a CVSS severity score of 9.8 (critical).
“In SAP BusinessObjects Business Intelligence Platform, if single sign-on is enabled in enterprise authentication, an unauthorized user can obtain a login token via a REST endpoint,” SAP explained in the advisory. “The attacker can completely compromise the system, which has a major impact on confidentiality, integrity, and availability.”
Server-side request forgeries and more
The second critical vulnerability is a Server-Side Request Forgery (SSRF) flaw affecting applications built with SAP Build Apps prior to version 4.11.130. Tracked as CVE-2024-29415 with a severity score of 9.1, the bug exists because an earlier fix for a previous vulnerability was incomplete. It lies in the 'ip' package for Node.js, in the check that decides whether an IP address is public or not: given an octal representation of '127.0.0.1' (for example '0177.0.0.1'), the package misclassifies the loopback address as a public, globally routable one, so an SSRF filter that relies on that check can be steered at internal hosts.
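The following Node.js snippet is an added illustration of the failure mode described above; it is not code from SAP, Bleeping Computer, or the npm 'ip' package. It contrasts a naive dotted-decimal private-range check with one that first normalises the address the way inet_aton-style parsers do (octal and hex octets, short forms such as '127.1', single-integer form, and IPv4-mapped IPv6), then classifies the canonical value. The function names (`naiveIsPublic`, `isPublic`, `ipv4ToInt`, `ipv6ToGroups`) and the sample addresses are this example's own.

```javascript
// Added example: why a dotted-decimal-only "is this address public?" check is
// bypassable, and what a normalising check looks like. Not the npm `ip`
// package's code; function names and sample inputs are this example's own.

// The bypassable pattern: only canonical dotted-decimal literals are examined,
// and Number("0177") is 177, so an octal octet is never matched against 127/8.
function naiveIsPublic(str) {
  const m = str.match(/^(\d+)\.(\d+)\.(\d+)\.(\d+)$/);
  if (!m) return true; // not a recognised private literal, so "must be public"
  const a = Number(m[1]), b = Number(m[2]);
  return !(a === 10 || a === 127 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168));
}

// One inet_aton-style component: 0x.. is hex, a leading 0 is octal, else decimal.
function parsePart(s) {
  if (/^0[xX][0-9a-fA-F]+$/.test(s)) return parseInt(s.slice(2), 16);
  if (/^0[0-7]*$/.test(s)) return parseInt(s, 8);
  if (/^[1-9][0-9]*$/.test(s)) return parseInt(s, 10);
  return NaN;
}

// Any form inet_aton accepts (a, a.b, a.b.c, a.b.c.d; octal/hex parts) -> 32-bit
// integer, or null if it is not an IPv4 literal. The last part fills the
// remaining bytes, so "127.1" is 127.0.0.1 and so is "2130706433".
function ipv4ToInt(str) {
  const parts = str.split('.');
  if (parts.length > 4) return null;
  const nums = parts.map(parsePart);
  if (nums.some(Number.isNaN)) return null;
  const lead = nums.slice(0, -1), last = nums[nums.length - 1];
  if (lead.some((n) => n > 255)) return null;
  const tailBytes = 4 - lead.length;
  if (last >= 2 ** (8 * tailBytes)) return null;
  let v = 0;
  for (const n of lead) v = v * 256 + n;
  return (v * 2 ** (8 * tailBytes) + last) >>> 0;
}

function intToDotted(v) {
  return [v >>> 24, (v >>> 16) & 255, (v >>> 8) & 255, v & 255].join('.');
}

// IPv6 literal -> eight 16-bit groups; handles "::" compression and an embedded
// dotted IPv4 tail (as in ::ffff:127.0.0.1). Returns null if malformed.
function ipv6ToGroups(str) {
  let s = str.toLowerCase();
  const m = s.match(/^(.*:)(\d+\.\d+\.\d+\.\d+)$/);
  if (m) {
    const v = ipv4ToInt(m[2]);
    if (v === null) return null;
    s = m[1] + (v >>> 16).toString(16) + ':' + (v & 0xffff).toString(16);
  }
  const halves = s.split('::');
  if (halves.length > 2) return null;
  const split = (h) => (h === '' ? [] : h.split(':'));
  const head = split(halves[0]), tail = halves.length === 2 ? split(halves[1]) : [];
  const missing = 8 - head.length - tail.length;
  if (halves.length === 2 ? missing < 1 : missing !== 0) return null;
  const groups = [...head, ...Array(missing).fill('0'), ...tail];
  const nums = groups.map((g) => (/^[0-9a-f]{1,4}$/.test(g) ? parseInt(g, 16) : NaN));
  return nums.some(Number.isNaN) ? null : nums;
}

// Non-routable IPv4 ranges: 0/8, 10/8, 127/8, 169.254/16, 172.16/12, 192.168/16.
function isPrivateIPv4(v) {
  const a = v >>> 24, b = (v >>> 16) & 255;
  return a === 0 || a === 10 || a === 127 || (a === 169 && b === 254)
    || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Normalise first, classify second, and fail closed on anything unparseable.
function isPublic(str) {
  const v4 = ipv4ToInt(str);
  if (v4 !== null) return !isPrivateIPv4(v4);
  const g = ipv6ToGroups(str);
  if (g === null) return false;
  const isMapped = g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff;
  if (isMapped) return !isPrivateIPv4(((g[6] << 16) | g[7]) >>> 0);
  if (g.slice(0, 7).every((x) => x === 0) && g[7] <= 1) return false; // :: and ::1
  if ((g[0] & 0xfe00) === 0xfc00) return false; // fc00::/7 unique local
  if ((g[0] & 0xffc0) === 0xfe80) return false; // fe80::/10 link local
  return true;
}

// Constructed sample inputs: loopback spelled several ways, plus one address
// outside the private ranges (203.0.113.0/24 is a documentation block).
const samples = ['0177.0.0.1', '0x7f.1', '127.1', '2130706433',
  '::ffff:127.0.0.1', '000:0:0000::01', '203.0.113.10'];
for (const s of samples) {
  const v4 = ipv4ToInt(s);
  console.log(`${s.padEnd(18)} naive=${naiveIsPublic(s)} normalised=${isPublic(s)}` +
    (v4 !== null ? ` (${intToDotted(v4)})` : ''));
}
```

The naive check reports every loopback spelling except plain '127.0.0.1' as public; the normalising check rejects all of them because it reasons about the 32-bit value the socket layer will actually connect to, not about the string. The same canonical value is what an SSRF filter should compare against its allow/deny lists, and anything the parser cannot canonicalise should be refused rather than waved through.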
SAP is the world’s largest ERP vendor, with products used by more than 90% of the Forbes Global 2000 list, so cybercriminals will likely be scanning for unpatched installations as a way into the IT networks of some of the world’s biggest brands.
In addition to these two, SAP has fixed four other high-severity vulnerabilities, with scores ranging from 7.4 to 8.2. These include an XML injection issue in the SAP BEx Web Java Runtime Export web service, a bug in SAP S/4 HANA, one in SAP NetWeaver AS Java, and one in SAP Commerce Cloud.
Via Bleeping Computer