CVE-2019-0352

In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via cache and can open the dynamic pages even after logout.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
sapCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
sapbusinessobjects_business_intelligence_platform
4.10
sapbusinessobjects_business_intelligence_platform
4.20
sapbusinessobjects_business_intelligence_platform
4.30
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://launchpad.support.sap.com/#/notes/2735924
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506
https://launchpad.support.sap.com/#/notes/2735924
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506