CVE-2019-0346

Published: Aug 14, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Unencrypted communication error in SAP Business Objects Business Intelligence Platform (Central Management Console), version 4.2, leads to disclosure of list of user names and roles imported from SAP NetWeaver BI systems, resulting in Information Disclosure.

Affected (1)

Products: Sap: Businessobjects Business Intelligence

1 product

Businessobjects Business Intelligence

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Businessobjects Business Intelligence	Version 4.2

Related CWEs

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (4)

https://launchpad.support.sap.com/#/notes/2764513

Source: cna@sap.com

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2764513

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.