CVE-2019-0333

In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.2, 4.3, the attacker can then query and receive the whole data set instead of just what is part of their authorized security profile, resulting in Information Disclosure.

Published: Aug 14, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-0333
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
sap / businessobjects_business_intelligence	4.2	4.2.x

https://launchpad.support.sap.com/#/notes/2764513
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017

Vulnerability Database

289,871

CVE-2019-0333