CVE-2023-42472
CVSS V2 None
CVSS V3 None
Description
Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system into the report over the network. When uploading the image file, an authenticated attacker could intercept the request, modify the content type and the extension to read and modify sensitive data causing a high impact on confidentiality and integrity of the application.
Overview
- CVE ID
- CVE-2023-42472
- Assigner
- sap
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-09-12T01:58:32.439Z
- Last Modified Date
- 2023-09-12T01:58:32.439Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://me.sap.com/notes/3370490 | |
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-42472 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42472 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 13:40:10 | Added to TrackCVE |