Lucene search

[email protected]NVD:CVE-2024-33004

HistoryMay 14, 2024 - 4:17 p.m.

CVE-2024-33004

2024-05-1416:17:13

CWE-524

CWE-922

[email protected]

web.nvd.nist.gov

sap business objects

business intelligence

insecure storage

dynamic web pages

cache

exploitation

sensitive information

confidentiality

integrity

availability

CVSS3

4.3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

4.7

Confidence

High

EPSS

Percentile

9.0%

JSON

SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application.

References

me.sap.com/notes/3449093

support.sap.com/en/my-support/knowledge-base/security-notes-news.html

CVSS3

4.3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

4.7

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2024-33004

cvelist1 vulnrichment1 cve1 nessus1