CVE-2019-0346

Unencrypted communication error in SAP Business Objects Business Intelligence Platform (Central Management Console), version 4.2, leads to disclosure of list of user names and roles imported from SAP NetWeaver BI systems, resulting in Information Disclosure.

Published: Aug 14, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-0346
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-319

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
sap / businessobjects_business_intelligence	4.2	4.2.x

https://launchpad.support.sap.com/#/notes/2764513
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017

Vulnerability Database

289,871

CVE-2019-0346