Description
SAP BusinessObjects Mobile (MobileBIService) allows an unauthenticated attacker to send requests carrying a specially crafted payload to some endpoints, which could overload the impacted servlet and render it unresponsive. This causes a denial of service and prevents legitimate users from accessing the impacted component until it is explicitly restarted.
Available fix and Supported packages
- ENTERPRISE | 420 | 420
- SBOP BI PLATFORM SERVERS 4.2 | SP006 | 001100
- SBOP BI PLATFORM SERVERS 4.2 | SP007 | 000600
- SBOP BI PLATFORM SERVERS 4.2 | SP008 | 000000
Affected component
- MOB-APP-BI-SRV (Mobile BI Server)
CVSS
Score: 7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
PoC
Detailed vulnerability information has been added to the RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2826782