Lucene search

K
cve[email protected]CVE-2024-33004
HistoryMay 14, 2024 - 4:17 p.m.

CVE-2024-33004

2024-05-1416:17:13
web.nvd.nist.gov
25
sap
business intelligence
insecure storage
dynamic web pages
exploitation
sensitive information
cache
confidentiality
integrity
availability

4.3 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.9%

SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP BusinessObjects Business Intelligence Platform (Webservices)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "430"
      },
      {
        "status": "affected",
        "version": "440"
      }
    ]
  }
]

4.3 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.9%

Related for CVE-2024-33004