Skip links

CVE-2019-0289 Information Disclosure in SAP BusinessObjects Business Intelligence platform / Analysis for OLAP, SAP security note 2738796

Description

Under certain conditions SAP BusinessObjects Business Intelligence platform / Analysis for OLAP allows an attacker to access information which would otherwise be restricted.

Some well-known impacts of Information Disclosure are –

  • loss of information and system configuration confidentiality: Metadata
  • information gathering for further exploits and attacks:

Available fix and Supported packages

  • ENTERPRISE | 420 | 420
  • ENTERPRISE | 430 | 430
  • SBOP BI PLATFORM SERVERS 4.2 | SP005 | 000900
  • SBOP BI PLATFORM SERVERS 4.2 | SP006 | 000600
  • SBOP BI PLATFORM SERVERS 4.2 | SP007 | 000000
  • SBOP BI PLATFORM SERVERS 4.3 | SP000 | 000000

Affected component

    BI-RA-AWB
    Analysis, edition for OLAP (Web)

CVSS

Score: 5.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2738796

TAGS

#Information-Exposure
#Information-Leak
#SNC
#AOLAP
#A-OLAP
#&160-CVE-2019-0289