CVE-2024-33004

EPSS 0.06%
Veröffentlicht 14.05.2024 16:17:13
Zuletzt bearbeitet 23.10.2025 12:21:52
Quelle cna@sap.com
CVE-Watchlists
Login
Unerledigt
Login

SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ Businessobjects Business Intelligence Platform Version430 SwEdition-

SAP ≫ Businessobjects Business Intelligence Platform Version440 SwEdition-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.191

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@sap.com	4.3	0.9	3.4	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-524 Use of Cache Containing Sensitive Information

The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.

CWE-922 Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html

Patch

https://me.sap.com/notes/3449093

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2024-33004

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-33004

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-33004

EUVD