7.5

CVE-2019-0352

EPSS 0.28%
Veröffentlicht 10.09.2019 17:15:10
Zuletzt bearbeitet 21.11.2024 04:16:43
Quelle cna@sap.com
Teams Watchlist Login
Unerledigt Login

In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via cache and can open the dynamic pages even after logout.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ Businessobjects Business Intelligence Platform Version4.10

SAP ≫ Businessobjects Business Intelligence Platform Version4.20

SAP ≫ Businessobjects Business Intelligence Platform Version4.30

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.485

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://launchpad.support.sap.com/#/notes/2735924

Vendor Advisory

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-0352

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-0352

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-0352

EUVD