Skip links

Information Disclosure in OLAP Queries, SAP security note 2638288

Description

Under certain conditions OLAP queries allow an attacker to access information which would otherwise be restricted.

Some well-known impacts of Information Disclosure are –

  • loss of information and system configuration confidentiality
  • information gathering for further exploits and attacks 

Available fix and Supported packages

  • DW4CORE | 100 | 100
  • SAP_BW | 740 | 740
  • SAP_BW | 750 | 753
  • DW4CORE 100 | SAPK-10010INDW4CORE |
  • SAP_BW 752 | SAPK-75203INSAPBW |
  • SAP_BW 750 | SAPK-75013INSAPBW |
  • SAP_BW 753 | SAPK-75301INSAPBW |
  • SAP_BW 740 | SAPKW74021 |

Affected component

    BW4-AE
    Analytic Engine

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2638288

TAGS

#Information-Exposure
#Information-Leak