CVE-2019-0346
6.5MEDIUM
Key Information:
- Vendor
- SAP
- Vendor
- CVE Published:
- 14 August 2019
Summary
Unencrypted communication error in SAP Business Objects Business Intelligence Platform (Central Management Console), version 4.2, leads to disclosure of list of user names and roles imported from SAP NetWeaver BI systems, resulting in Information Disclosure.
Affected Version(s)
SAP Business Objects Business Intelligence Platform (CMC) < 4.2
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved