
SAP BusinessObjects BI platform can be accessed remotely


A critical authentication vulnerability allows hackers to remotely access and fully compromise the SAP BusinessObjects Business Intelligence platform. The ERP and cloud giant has since fixed this issue along with 16 other vulnerabilities.

According to SAP’s monthly security release, this critical vulnerability allows hackers to compromise the SAP BusinessObjects BI suite remotely. For affected companies, this has a huge impact on their reliability, integrity and availability, according to SAP.

The flaw affects versions 430 and 440 of the platform. The critical vulnerability, CVE-2024-41730, is a “missing authentication check” bug. When Single Sign-On for Enterprise authentication is enabled within the SAP BusinessObjects BI platform, hackers can obtain a login token using a REST-based endpoint. With that token, they can fully compromise the system.

Second critical vulnerability

In addition to this vulnerability, another critical flaw, CVE-2024-29415, has been found in SAP systems. This is a server-side request forgery flaw in SAP Build Apps older than version 4.11.130.

The flaw lies in the ip package for Node.js, which checks whether a specific IP address is public or private. Because of the flaw, the IP address “127.0.0.1” is sometimes incorrectly recognized as a public and globally routable address.
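One way to make the public/private decision without a third-party classifier is a fail-closed check built on Node.js built-ins, shown here as an added example (not code from SAP or from the ip package). The function name, the range list and the sample inputs in the test are assumptions constructed for illustration.

```javascript
// Added example: fail-closed destination check for server-side fetches.
// Uses only Node.js built-ins (net.isIP, net.BlockList).
const net = require('node:net');

// Ranges a server-side request should never reach. The list is an
// assumption for this example; extend it to match your own network.
const internal = new net.BlockList();
for (const [prefix, bits] of [
  ['0.0.0.0', 8],      // "this network"
  ['10.0.0.0', 8],     // private
  ['100.64.0.0', 10],  // carrier-grade NAT
  ['127.0.0.0', 8],    // loopback
  ['169.254.0.0', 16], // link-local
  ['172.16.0.0', 12],  // private
  ['192.168.0.0', 16], // private
]) internal.addSubnet(prefix, bits, 'ipv4');
for (const [prefix, bits] of [
  ['::', 128],   // unspecified
  ['::1', 128],  // loopback
  ['fc00::', 7], // unique local
  ['fe80::', 10] // link-local
]) internal.addSubnet(prefix, bits, 'ipv6');

// Classify an IP literal (the address the hostname actually resolved to,
// not the hostname itself). Anything that is not a strictly formatted
// literal is rejected rather than guessed at.
function classifyDestination(literal) {
  const family = net.isIP(literal); // 0 when the string is not a valid literal
  if (family === 0) return 'rejected-unparseable';
  const type = family === 4 ? 'ipv4' : 'ipv6';
  // BlockList also matches IPv4-mapped IPv6 forms against the IPv4 rules.
  return internal.check(literal, type) ? 'rejected-internal' : 'allowed';
}

module.exports = { classifyDestination };
```

Run the check on every resolved address immediately before connecting, so that a hostname cannot pass validation and then resolve to an internal address.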

Fourteen other vulnerabilities fixed

In addition to these two critical vulnerabilities, SAP also released fixes for quite a few others. These include vulnerabilities found in the SAP BEx Web Java Runtime Export Web Service, SAP S/4HANA, SAP NetWeaver AS Java, and SAP Commerce Cloud, among others.

The ERP and cloud giant calls on its solutions’ users to install the patches immediately.
