SAP Business Objects Business Intelligence Platform 中存在服务器端请求伪造漏洞

该漏洞的关键影响在于攻击者能够枚举内部网络中的HTTP端点。虽然该漏洞本身不影响数据的完整性和可用性，但枚举到的端点信息可能被攻击者用于进一步的SSRF攻击，从而访问内部资源或执行恶意操作。攻击者可以利用这些信息尝试访问内部服务、读取敏感数据，甚至可能绕过安全控制，进行横向移动。如果内部网络中存在未受保护的API或管理接口，攻击者可能会利用SSRF漏洞进行未经授权的访问。

Organizations utilizing SAP Business Objects Business Intelligence Platform, particularly those with complex internal network architectures and limited network segmentation, are at increased risk. Shared hosting environments where multiple tenants share the same infrastructure could also be vulnerable if the platform is deployed in a multi-tenant configuration.

• java / server:

# Monitor access logs for requests to internal endpoints originating from the SAP Business Objects platform.
# Example (assuming Apache access logs): grep "SAP Business Objects" /var/log/apache2/access.log | grep "internal_endpoint"

• generic web:

# Use curl to probe for potential internal endpoints.  This is a manual check, not automated.
curl -v http://<SAP_Business_Objects_IP>/internal_endpoint

1. 2025-06-10Disclosure

   disclosure

1. 已保留2025-04-16
2. 发布日期2025-06-10
3. EPSS 更新日期2026-03-23

为了缓解CVE-2025-42988的影响，首要措施是升级SAP Business Objects Business Intelligence Platform至430.0.1版本或更高版本。如果无法立即升级，可以考虑实施一些临时缓解措施，例如在网络层面上限制对内部HTTP端点的访问，使用防火墙或Web应用防火墙（WAF）来过滤恶意HTTP请求。此外，定期审查和更新内部网络的安全配置，确保所有服务都受到适当的保护。