CVE-2024-33004 — Use of Cache Containing Sensitive Information in SE SAP Businessobjects Business Intelligence Platform
Severity
4.3 MEDIUM (NVD)
EPSS
0.1%
top 80.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published May 14
Description
SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application.
CVSS vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 0.9 | Impact: 3.4
Affected Packages: 2 packages
Vulnerability Details (2)
GHSA
GHSA-3m6r-3gw2-h96x: SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out (2024-05-14)
CVEList
Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices) (2024-05-14)