CVE-2024-34684 LOW

CVE-2024-34684: Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Scheduling)

Vendor Sap_Se
Product SAP BusinessObjects Business Intelligence Platform
Weakness CWE-200 · Info exposure
Published June 11, 2024
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

3.7/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read or modify the remote server files.

Key dates

02Disclosure timeline

June 11, 2024 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-7156 TOTOLINK A3700R apmib Configuration ExportSettings.sh information disclosure CVE-2024-23193 CVE-2024-6395 GitHub Enterprise Server Information Disclosure Vulnerability Exposes Private Repository Names via Deploy Keys CVE-2023-1263 CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.6 - Information Exposure CVE-2025-12492 Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin <= 2.11.0 - Unauthenticated Sensitive Information Exposure