CVE-2025-0064

Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase, enabling them to impersonate any user in the system. This results in a high impact on confidentiality and integrity, with no impact on availability.

CVSS v3 8.7 HIGH

8.7^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://me.sap.com/notes/3525794
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

18 Feb 2025, 18:15

Type	Values Removed	Values Added
Summary		(es) En determinadas condiciones, la consola de administración central de la plataforma SAP BusinessObjects Business Intelligence permite a un atacante con derechos de administrador generar o recuperar una contraseña secreta, lo que le permite hacerse pasar por cualquier usuario del sistema. Esto tiene un gran impacto en la confidencialidad y la integridad, pero no en la disponibilidad.

11 Feb 2025, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-11 01:15

Updated : 2025-02-18 18:15

NVD link : CVE-2025-0064

Mitre link : CVE-2025-0064

CVE.ORG link : CVE-2025-0064

JSON object : View

Products Affected

No product.

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

8.7 /10