{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T04:36:48.749","vulnerabilities":[{"cve":{"id":"CVE-2024-41730","sourceIdentifier":"cna@sap.com","published":"2024-08-13T04:15:08.050","lastModified":"2024-09-12T13:56:51.237","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In SAP BusinessObjects Business Intelligence\nPlatform, if Single Signed On is enabled on Enterprise authentication, an\nunauthorized user can get a logon token using a REST endpoint. The attacker can\nfully compromise the system resulting in High impact on confidentiality,\nintegrity and availability."},{"lang":"es","value":"En la plataforma SAP BusinessObjects Business Intelligence, si el inicio de sesión único está habilitado en la autenticación empresarial, un usuario no autorizado puede obtener un token de inicio de sesión mediante un endpoint REST. El atacante puede comprometer completamente el sistema, lo que tendrá un alto impacto en la confidencialidad, la integridad y la disponibilidad."}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"cna@sap.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:business_objects_business_intelligence_platform:enterprise_430:*:*:*:*:*:*:*","matchCriteriaId":"0764428E-CA9F-4BEF-90A9-E81D21398B91"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:business_objects_business_intelligence_platform:enterprise_440:*:*:*:*:*:*:*","matchCriteriaId":"C464A193-F7CE-49A3-9B9D-17C1EA8E08AF"}]}]}],"references":[{"url":"https://me.sap.com/notes/3479478","source":"cna@sap.com","tags":["Permissions Required"]},{"url":"https://url.sap/sapsecuritypatchday","source":"cna@sap.com","tags":["Vendor Advisory"]}]}}]}