CVE-2024-42375: 
SAP BusinessObjects Business Intelligence Platform vulnerability analysis and mitigation

SAP BusinessObjects Business Intelligence Platform versions ENTERPRISE 420, 430, and 440 contain a vulnerability that allows an authenticated attacker to upload malicious code over the network. The vulnerability was discovered and disclosed on August 13, 2024, and received the identifier CVE-2024-42375 (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.3 (MEDIUM) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. This indicates network accessibility, low attack complexity, requirement of low privileges, no user interaction, unchanged scope, no impact on confidentiality, low impact on integrity, and no impact on availability. The vulnerability is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) (NVD).

Upon successful exploitation, the attacker can cause a low impact on the integrity of the application. The vulnerability specifically affects the system's ability to maintain proper control over file uploads, potentially allowing malicious code to be executed by the application (NVD).

SAP has released security patches to address this vulnerability. Organizations running affected versions of BusinessObjects Business Intelligence Platform should apply the relevant security updates as detailed in the SAP security notes (SAP Security, SAP Note 3433545, SAP Note 3515653).