A new critical authentication bypass vulnerability impacting SAP BusinessObjects Business Intelligence Platform from SAP has been reported. It has been assigned the reference CVE-2024-41730 and a CVSS 3.1 score of 9.8.
This flaw impacts the following version of the application:
- Enterprise 420;
- Enterprise 430;
- Enterprise 440.
It should be noted that this vulnerability is actively exploited and that the technical details needed to exploit CVE-2024-41730 are public.
Initial attack vector of the SAP vulnerability
The vulnerability allows an unauthenticated attacker to obtain an authentication token on the BusinessObjects Business Intelligence Platform when the Single Sign-On (SSO) feature is enabled.
Technical details of the SAP vulnerability
A request to the REST API of the SAP solution carrying a specific HTTP header bypasses the authentication mechanism and returns a token that can be used in subsequent requests to access, and potentially alter, content on the platform.
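Because the bypass described above produces a valid token for a client that never presented credentials, a defender can look for the trace it leaves in web-server logs: write operations against the REST API from a source that has no credentialed logon on record. The following script is an added example and is not code from the advisory or from SAP or Stormshield. It assumes a "combined"-format access log in front of the platform whose authuser field is populated on credentialed logons, and it assumes the API prefix `/biprws/` and the logon path `/biprws/logon/` purely as placeholders; adjust both to the deployment's real routes. The log lines are constructed sample data.

```python
import re
from datetime import datetime, timedelta

# Assumed (not taken from the advisory): path prefix of the platform's REST API
# and the token-issuing path under it. Replace with the deployment's real routes.
API_PREFIX = "/biprws/"
TOKEN_PATH = "/biprws/logon/"
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
WINDOW = timedelta(minutes=15)  # how far back a credentialed logon still counts

# Apache/NGINX "combined" log format. The third field (authuser) carries the
# authenticated user, or "-" when the request presented no credentials.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines: a normal credentialed session from 10.0.0.5 and a
# source (203.0.113.7) that writes to the API without ever logging on as a user.
SAMPLE_LOG = """\
10.0.0.5 - alice [12/Aug/2024:10:00:02 +0000] "POST /biprws/logon/long HTTP/1.1" 200 312 "-" "Mozilla/5.0"
10.0.0.5 - alice [12/Aug/2024:10:03:00 +0000] "PUT /biprws/v1/documents/42 HTTP/1.1" 200 88 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Aug/2024:10:05:10 +0000] "GET /biprws/logon/long HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.7 - - [12/Aug/2024:10:05:11 +0000] "DELETE /biprws/v1/documents/42 HTTP/1.1" 200 0 "-" "python-requests/2.31"
198.51.100.4 - - [12/Aug/2024:10:06:00 +0000] "GET /biprws/v1/documents HTTP/1.1" 401 0 "-" "curl/8.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def find_unauthenticated_writes(lines):
    """Return (ip, timestamp, method, path) for each successful write to the
    REST API whose source has no credentialed logon within the preceding WINDOW.

    This is a heuristic for post-exploitation activity, not a signature for the
    bypass request itself: access logs do not record request headers, so the
    triggering header is invisible here and is left to protocol inspection.
    """
    records = [r for r in (parse_line(l) for l in lines) if r]
    records.sort(key=lambda r: r["ts"])
    last_logon = {}  # ip -> time of its last successful credentialed logon
    findings = []
    for r in records:
        if r["path"].startswith(TOKEN_PATH):
            # Only a logon that carried a user identity counts as credentialed.
            if r["status"] == 200 and r["user"] != "-":
                last_logon[r["ip"]] = r["ts"]
            continue
        is_api_write = (r["path"].startswith(API_PREFIX)
                        and r["method"] in WRITE_METHODS
                        and 200 <= r["status"] < 300)
        if not is_api_write:
            continue
        seen = last_logon.get(r["ip"])
        if seen is None or r["ts"] - seen > WINDOW:
            findings.append((r["ip"], r["ts"], r["method"], r["path"]))
    return findings


if __name__ == "__main__":
    for ip, ts, method, path in find_unauthenticated_writes(SAMPLE_LOG.splitlines()):
        print(f"{ts.isoformat()} {ip} {method} {path}: write without credentialed logon")
```

On the sample data only the DELETE from 203.0.113.7 is reported; alice's PUT is covered by her logon three minutes earlier, and the 401 from 198.51.100.4 is neither a write nor successful. In a real deployment the window and the set of write methods need tuning to the platform's session lifetime, and this check complements, rather than replaces, the header-level inspection described below.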
Attack modelling with MITRE ATT&CK
MITRE ATT&CK
- T1190 (Exploit Public-Facing Application)
How to protect against the SAP vulnerability with Stormshield Network Security
Protection against CVE-2024-41730
Stormshield Network Security (SNS) firewalls detect and block exploitation of CVE-2024-41730 with the following protocol inspection:
- http:client:header.239: Exploitation of an authorization Bypass on a SAP BusinessObjects Business Intelligence suite (CVE-2024-41730)
Recommendations regarding the SAP vulnerability
It is highly recommended to update the SAP BusinessObjects Business Intelligence Platform to the latest version.
The official bulletin is available here but requires authentication.