CVE-2019-0333

Published: Aug 14, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.2, 4.3, the attacker can then query and receive the whole data set instead of just what is part of their authorized security profile, resulting in Information Disclosure.

Affected (1)

Products: Sap: Businessobjects Business Intelligence

1 product

Businessobjects Business Intelligence

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Businessobjects Business Intelligence	Version 4.2

References (4)

https://launchpad.support.sap.com/#/notes/2764513

Source: cna@sap.com

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2764513

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.