CVE-2019-0333

In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.2, 4.3, the attacker can then query and receive the whole data set instead of just what is part of their authorized security profile, resulting in Information Disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
sapbusinessobjects_business_intelligence
4.2
𝑥
= Vulnerable software versions
References
https://launchpad.support.sap.com/#/notes/2764513
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017
https://launchpad.support.sap.com/#/notes/2764513
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017