CVE-2017-16684

EPSS 2.5%

In short

The SAP Business Intelligence Promotion Management Application skips authentication checks, allowing anyone to access restricted features without proving who they are. This is serious because sensitive business data and operations can be accessed by unauthorized users.

Technical detail

The application fails to implement authentication verification for certain functionalities across versions 4.10, 4.20, and 4.30, enabling unauthenticated access to protected operations. An attacker can directly invoke privileged functions without valid credentials, potentially leading to unauthorized data disclosure, manipulation, or system compromise.

Summary generated and translated by AI from the official description.

SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.
