
    2 vulnerabilities found for SAP BusinessObjects Business Intelligence Platform (Webservices) by SAP_SE

    CVE-2024-33004 (GCVE-0-2024-33004)

    Vulnerability from nvd – Published: 2024-05-14 04:00 – Updated: 2024-09-28 22:29
    Title
    Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices)
    Summary
    SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage because dynamic web pages remain cached even after the user logs out. On successful exploitation, an attacker can view sensitive information through the cache and open the cached pages, causing limited impact on the Confidentiality, Integrity and Availability of the application. (The CNA's CVSS 3.1 score in the record below is 4.3 Medium, with a Physical attack vector, AV:P.)
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-524 - Use of Cache Containing Sensitive Information
    • CWE-922 - Insecure Storage of Sensitive Information
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP BusinessObjects Business Intelligence Platform (Webservices) Affected: 430
    Affected: 440
    sap_se sap_business_objects_business_intgelligence_platform Affected: 430
        cpe:2.3:a:sap_se:sap_business_objects_business_intgelligence_platform:430:*:*:*:*:*:*:*
    sap_se sap_business_objects_business_intgelligence_platform Affected: 440
        cpe:2.3:a:sap_se:sap_business_objects_business_intgelligence_platform:440:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_business_objects_business_intgelligence_platform:430:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_business_objects_business_intgelligence_platform",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "430"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_business_objects_business_intgelligence_platform:440:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_business_objects_business_intgelligence_platform",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "440"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-33004",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-14T15:06:53.672462Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-922",
                    "description": "CWE-922 Insecure Storage of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:44:43.596Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:27:53.306Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3449093"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP BusinessObjects Business Intelligence Platform (Webservices)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "430"
                },
                {
                  "status": "affected",
                  "version": "440"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application."
                }
              ],
              "value": "SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-524",
                  "description": "CWE-524: Use of Cache Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-28T22:29:25.011Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3449093"
            },
            {
              "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-33004",
        "datePublished": "2024-05-14T04:00:25.081Z",
        "dateReserved": "2024-04-23T04:04:25.521Z",
        "dateUpdated": "2024-09-28T22:29:25.011Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-33004 (GCVE-0-2024-33004)

    Vulnerability from cvelistv5 – Published: 2024-05-14 04:00 – Updated: 2024-09-28 22:29
    Title
    Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices)
    Summary
    SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage because dynamic web pages remain cached even after the user logs out. On successful exploitation, an attacker can view sensitive information through the cache and open the cached pages, causing limited impact on the Confidentiality, Integrity and Availability of the application. (The CNA's CVSS 3.1 score in the record below is 4.3 Medium, with a Physical attack vector, AV:P.)
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-524 - Use of Cache Containing Sensitive Information
    • CWE-922 - Insecure Storage of Sensitive Information
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP BusinessObjects Business Intelligence Platform (Webservices) Affected: 430
    Affected: 440
    sap_se sap_business_objects_business_intgelligence_platform Affected: 430
        cpe:2.3:a:sap_se:sap_business_objects_business_intgelligence_platform:430:*:*:*:*:*:*:*
    sap_se sap_business_objects_business_intgelligence_platform Affected: 440
        cpe:2.3:a:sap_se:sap_business_objects_business_intgelligence_platform:440:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_business_objects_business_intgelligence_platform:430:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_business_objects_business_intgelligence_platform",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "430"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:sap_se:sap_business_objects_business_intgelligence_platform:440:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sap_business_objects_business_intgelligence_platform",
                "vendor": "sap_se",
                "versions": [
                  {
                    "status": "affected",
                    "version": "440"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-33004",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-14T15:06:53.672462Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-922",
                    "description": "CWE-922 Insecure Storage of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:44:43.596Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:27:53.306Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3449093"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP BusinessObjects Business Intelligence Platform (Webservices)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "430"
                },
                {
                  "status": "affected",
                  "version": "440"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application."
                }
              ],
              "value": "SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-524",
                  "description": "CWE-524: Use of Cache Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-28T22:29:25.011Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3449093"
            },
            {
              "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-33004",
        "datePublished": "2024-05-14T04:00:25.081Z",
        "dateReserved": "2024-04-23T04:04:25.521Z",
        "dateUpdated": "2024-09-28T22:29:25.011Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }