Under certain conditions SAP BusinessObjects Business Intelligence platform / Central Management Server allows an attacker to access information which would otherwise be restricted.
Some well-known impacts of Information Disclosure are –
- loss of information and system configuration confidentiality: the list of user names and roles imported from SAP NetWeaver BI systems (BW) can be disclosed.
- information gathering for further exploits and attacks
Available fix and Supported packages
- ENTERPRISE | 420 | 420
- ENTERPRISE | 430 | 430
- SBOP BI PLATFORM SERVERS 4.2 | SP005 | 000900
- SBOP BI PLATFORM SERVERS 4.2 | SP006 | 000600
- SBOP BI PLATFORM SERVERS 4.2 | SP007 | 000000
- SBOP BI PLATFORM SERVERS 4.3 | SP000 | 000000
CMS / Auditing issues (excl. 3rd Party Authentication)
Exploit is not available.
For detailed information please contact the mail [email protected]