Skip links

CVE-2019-0287 Information Disclosure in SAP BusinessObjects Business Intelligence platform / Central Management Server, SAP security note 2737278

Description

Under certain conditions SAP BusinessObjects Business Intelligence platform / Central Management Server allows an attacker to access information which would otherwise be restricted.

Some well-known impacts of Information Disclosure are –

  • loss of information and system configuration confidentiality: the list of user names and roles imported from SAP NetWeaver BI systems (BW) can be disclosed.
  • information gathering for further exploits and attacks 

Available fix and Supported packages

  • ENTERPRISE | 420 | 420
  • ENTERPRISE | 430 | 430
  • SBOP BI PLATFORM SERVERS 4.2 | SP005 | 000900
  • SBOP BI PLATFORM SERVERS 4.2 | SP006 | 000600
  • SBOP BI PLATFORM SERVERS 4.2 | SP007 | 000000
  • SBOP BI PLATFORM SERVERS 4.3 | SP000 | 000000

Affected component

    BI-BIP-SRV
    CMS / Auditing issues (excl. 3rd Party Authentication)

CVSS

Score: 6.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2737278

TAGS

#Information-Exposure
#Information-Leak
#SNC
#CMS
#&160-CVE-2019-0287