CVE-2019-0333
N/A
N/A
Summary
In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.2, 4.3, the attacker can then query and receive the whole data set instead of just what is part of their authorized security profile, resulting in Information Disclosure.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP BusinessObjects Business Intelligence Platform (Web Intelligence) | < 4.2 | affected |
Weaknesses
- Information Disclosure
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017
- https://launchpad.support.sap.com/#/notes/2764513
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017
- https://launchpad.support.sap.com/#/notes/2764513
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.