Information Disclosure Vulnerability in SAP Business Objects by SAP
CVE-2019-0346

6.5MEDIUM

Key Information:

Vendor: SAP
Status: SAP Business Objects Business Intelligence Platform (cmc)
Vendor: CVE Published:; 14 August 2019

Summary

The vulnerability occurs due to an unencrypted communication issue within the Central Management Console of SAP Business Objects Business Intelligence Platform version 4.2. This flaw allows unauthorized access to sensitive data, specifically the disclosure of usernames and roles that have been imported from SAP NetWeaver BI systems. As a result, attackers may exploit this vulnerability to gain insights into user access levels and roles within the system, potentially leading to further misuse of sensitive information.

Affected Version(s)

SAP Business Objects Business Intelligence Platform (CMC) < 4.2

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2764513

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 14, 2019
Vulnerability Reserved
Nov 26, 2018