Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform
CVE-2019-0352

7.5HIGH

Key Information:

Vendor: SAP
Status: SAP Businessobjects Business Intelligence Platform (cmc)
Vendor: CVE Published:; 10 September 2019

Summary

An information disclosure vulnerability exists in SAP Business Objects Business Intelligence Platform prior to version 4.1, 4.2, and 4.3. This vulnerability allows an attacker to access sensitive information through cached dynamic pages, including JSP files. Even after a user has logged out, these cached pages may reveal sensitive information, presenting a risk to the confidentiality of user data. Organizations using the affected versions should apply the necessary updates to mitigate this risk.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform (CMC) < 4.1 < 4.1

SAP BusinessObjects Business Intelligence Platform (CMC) < 4.2 < 4.2

SAP BusinessObjects Business Intelligence Platform (CMC) < 4.3 < 4.3

References

https://launchpad.support.sap.com/#/notes/2735924

x_refsource_MISC

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 10, 2019
Vulnerability Reserved
Nov 26, 2018