CVE-2019-0352

EUVD-2019-1125
In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via cache and can open the dynamic pages even after logout.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Affected Products (NVD)
VendorProductVersion
sapbusinessobjects_business_intelligence_platform
4.10
sapbusinessobjects_business_intelligence_platform
4.20
sapbusinessobjects_business_intelligence_platform
4.30
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://launchpad.support.sap.com/#/notes/2735924
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506
https://launchpad.support.sap.com/#/notes/2735924
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506