SAP BusinessObjects BI: DLL Signature Bypass via Untrusted Desktop Apps
CVE-2024-45281 Published on September 10, 2024
DLL hijacking vulnerability in SAP BusinessObjects Business Intelligence Platform
SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. The attacker needs to have local access to the vulnerable system to perform DLL related tasks. This could result in a high impact on confidentiality and integrity of the application.
Vulnerability Analysis
CVE-2024-45281 can be exploited with local system access, requires user interaction and user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Weakness Type
What is an Untrusted Path Vulnerability?
The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.
CVE-2024-45281 has been classified to as an Untrusted Path vulnerability or weakness.
Products Associated with CVE-2024-45281
Want to know whenever a new CVE is published for SAP Businessobjects Business Intelligence Platform? stack.watch will email you.
Affected Versions
SAP_SE SAP BusinessObjects Business Intelligence Platform:- Version 430 is affected.
- Version 430 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.