CVE-2019-0331 — Sensitive Information Exposure in SE SAP Businessobjects Business Intelligence Platform

3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 56.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Businessobjects Business Intelligence Platform SAP Businessobjects Business Intelligence

Timeline

PublishedAug 14

Latest updateMay 24

Description

Under certain conditions, SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, allows an attacker to access sensitive data such as directory structure, leading to Information Disclosure.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sap_se/sap_businessobjects_business_intelligence_platform< 4.1+2

▶NVDsap/businessobjects_business_intelligence4.1, 4.2, 4.3+2

🔴Vulnerability Details

GHSA

GHSA-x276-rg73-2rvg: Under certain conditions, SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4↗2022-05-24

▶

CVEList

CVE-2019-0331: Under certain conditions, SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4↗2019-08-14

▶