SAP Unveils On-Demand Business Intelligence Toolset

SAP, which acquired Business Objects in early 2008, already offers hosted versions of its business intelligence tools. But the new software is SAP’s first real multi-tenant, Software-as-a-Service business intelligence application, said James Thomas, vice president of product management for SAP business intelligence tools.

SAP BusinessObjects BI OnDemand ties together the vendor’s business intelligence software portfolio into a SaaS package using the BusinessObjects Explorer tool for searching and visualizing large data sets. Thomas said companies that deploy the service could expand the number of employees, particularly those in customer-facing jobs, who use business intelligence.

The new software provides opportunities for SAP channel partners as well. Solution providers can expand their sales to existing customers, as well as use the product to attract new customers — especially SMBs, said Anil Chitkara, senior vice president of market development at Oco, an SAP channel partner. “The sweet spot for on-demand business intelligence is really in the midmarket and upper-midmarket,” he said.

Oco will combine its pre-built industry and line-of-business analytic applications with SAP BusinessObjects BI OnDemand. Chitkara called the new SAP software the first “enterprise-quality SaaS” product from a leading business intelligence vendor and said it provides channel partners more opportunities to develop value-added services. One example: helping clients connect on-premise and cloud-based systems. “Customers have more power to integrate the data,” he said.

SAP is “really making VARs the primary sales channel for this product,” Thomas said, noting that all SAP PartnerEdge program members are eligible to sell the new on-demand product.
A free version of the on-demand software, with limited scalability, is available from SAP today, Thomas said. Later this quarter an Essential Edition that works with on-premise data will be available, followed by an Advanced Edition that works with both on-premise and on-demand data.

SAP BusinessObjects BI platform can be accessed remotely

A critical authentication vulnerability allows hackers to remotely break into and fully compromise the SAP BusinessObjects Business Intelligence platform. The ERP and cloud giant has since fixed this issue along with 16 other vulnerabilities.

According to SAP’s monthly security release, this critical vulnerability allows hackers to compromise the SAP BusinessObjects BI suite remotely. For affected companies, this has a huge impact on their reliability, integrity and availability, according to SAP.

This is possible on the platform’s versions 430 and 440. More specifically, the critical vulnerability, CVE-2024-41730, involves a “missing authentication check” bug. When Single Sign-On for Enterprise authentication is enabled within the SAP BusinessObjects BI platform, hackers can obtain a login token using a REST-based endpoint. Hackers can then fully penetrate and compromise the system.

Second critical vulnerability

In addition to this vulnerability, another critical flaw, CVE-2024-29415, has been found in SAP systems. This is a server-side request forgery flaw in SAP Build Apps older than version 4.11.130. It involves a vulnerability in the IP package for Node.js, which checks whether a specific IP address is public or private. Because of the flaw, the IP address “127.0.0.1” is sometimes incorrectly recognized as a public and globally routable address.

Fourteen other vulnerabilities fixed

In addition to these two critical vulnerabilities, SAP also released fixes for quite a few others.
These include vulnerabilities found in the SAP BEx Web Java Runtime Export Web Service, SAP S/4HANA, SAP NetWeaver AS Java, and SAP Commerce Cloud, among others. The ERP and cloud giant calls on its solutions’ users to install the patches immediately.

SAP Releases Security Patch for 17 Vulnerabilities Including ‘Missing Authentication Check’ Bug

SAP has rolled out a critical security update addressing 17 vulnerabilities, including two high-severity flaws that could potentially lead to severe consequences for organizations. The most critical issue, CVE-2024-41730, could allow unauthorized access to SAP BusinessObjects Business Intelligence Platform systems.

Critical Authentication Bypass Vulnerability

A new SAP security patch update was released this month to fix a missing authentication check bug that lets remote attackers bypass authentication on the system.

One of the most concerning issues resolved in this patch is the critical vulnerability tracked as CVE-2024-41730. This flaw, rated 9.8 on the CVSS v3.1 scale, is classified as a “missing authentication check” bug. It impacts SAP BusinessObjects Business Intelligence Platform versions 430 and 440, and under specific conditions, it can be exploited by remote attackers.

If Single Sign-On (SSO) is enabled on Enterprise authentication, an unauthorized user could obtain a logon token using a REST endpoint, effectively bypassing authentication and gaining full access to the system. This vulnerability could potentially expose sensitive data and critical business operations to malicious actors.

Server-Side Request Forgery in SAP Build Apps

According to Bleeping Computer, another critical issue addressed in this update is CVE-2024-29415, a server-side request forgery (SSRF) flaw found in SAP Build Apps versions older than 4.11.130.
With a CVSS v3.1 score of 9.1, this vulnerability poses a significant threat to SAP applications. The flaw arises from a weakness in the ‘IP’ package for Node.js, which incorrectly identifies the IP address ‘127.0.0.1’ as public and globally routable when expressed in octal notation. This incorrect classification can allow attackers to manipulate IP addresses, leading to unauthorized access and potential exploitation of the system.

This vulnerability is a result of an incomplete fix for a similar issue, CVE-2023-42282, which left some cases vulnerable to exploitation.

High-Severity Vulnerabilities in SAP Products

In addition to the critical vulnerabilities, SAP’s August 2024 security bulletin also addresses several high-severity issues, with CVSS v3.1 scores ranging from 7.4 to 8.2. These include:

CVE-2024-42374: An XML injection vulnerability in SAP BEx Web Java Runtime Export Web Service, affecting versions BI-BASE-E 7.5, BI-BASE-B 7.5, BI-IBC 7.5, BI-BASE-S 7.5, and BIWEBAPP 7.5.

CVE-2023-30533: A prototype pollution flaw in SAP S/4HANA’s Manage Supply Protection module, impacting library versions of SheetJS …
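
The octal-notation misclassification described above for CVE-2024-29415 comes down to judging an address by its text instead of its numeric value. The following is an added example, not code from SAP, the Node.js package or the articles: the function names are hypothetical, the weak check is a constructed illustration rather than the package's own logic, and the strict check reads a leading zero as octal and rejects anything it cannot parse.

```javascript
// Added example: classify IPv4 literals on their numeric value and fail closed.

// Constructed weak check: matches the text of the address, not its value.
function naiveIsPublic(host) {
  return !/^(127\.|10\.|192\.168\.|169\.254\.|172\.(1[6-9]|2\d|3[01])\.)/.test(host);
}

// Parse one dotted-quad octet: decimal, or octal when it has a leading zero.
// Returns null for anything else (hex, empty, signs, out of range).
function parseOctet(text) {
  let value;
  if (/^0[0-7]+$/.test(text)) value = parseInt(text, 8);
  else if (/^(0|[1-9]\d{0,2})$/.test(text)) value = parseInt(text, 10);
  else return null;
  return value <= 255 ? value : null;
}

// Returns "public", "internal", or "reject" (unparseable, so never trusted).
function classifyIPv4(host) {
  const parts = host.split(".");
  if (parts.length !== 4) return "reject";
  const octets = parts.map(parseOctet);
  if (octets.includes(null)) return "reject";
  const [a, b] = octets;
  const internal =
    a === 0 || a === 10 || a === 127 ||      // this-network, private, loopback
    (a === 169 && b === 254) ||              // link-local
    (a === 172 && b >= 16 && b <= 31) ||     // private
    (a === 192 && b === 168);                // private
  return internal ? "internal" : "public";
}

// Constructed sample inputs: loopback in decimal and in octal, and a public address.
const samples = ["127.0.0.1", "0177.0.0.1", "8.8.8.8"];
for (const host of samples) {
  console.log(host, "| naive says public:", naiveIsPublic(host),
              "| strict:", classifyIPv4(host));
}
```

An outbound-request filter built this way should allow a destination only when the strict result is "public", and should apply the check to the address the connection will actually use.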