Security firm Onapsis released security advisories for “high risk” vulnerabilities impacting SAP BusinessObjects Edge 4.0.
Customers should immediately employ patches for the three vulnerabilities in the enterprise software, which could allow a remote, unauthenticated attacker to access and delete auditing information on the remote system, as well as access and overwrite sensitive business data, and retrieve sensitive business data stored on the remote system, an Onapsis release said.
The bugs could be leveraged to “gain access to mission-critical information including customer data, product pricing, financial statements, employee information, supply chains, business intelligence, budgeting, planning and forecasting,” Onapsis explained.
Two “medium risk” issues were also patched by Onapsis – one affecting SAP BusinessObjects Edge 4.0, which could allow unauthorized audit information access via CORBA, and multiple reflected cross-site scripting vulnerabilities in the SAP HANA XS Administrational Tool.