CVE-2024-33004
4.3
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP BusinessObjects Business Intelligence Platform (Webservices) | 430 | affected |
| SAP_SE | SAP BusinessObjects Business Intelligence Platform (Webservices) | 440 | affected |
Weaknesses
- CWE-524: CWE-524: Use of Cache Containing Sensitive Information
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://me.sap.com/notes/3449093
- https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html
References
- https://me.sap.com/notes/3449093
- https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.