CVE-2019-0333
MEDIUMSAP BusinessObjects Business Intelligence Platform 4.2, 4.3 - Information Disclosure via Query Cancellation
Title source: llmDescription
In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.2, 4.3, the attacker can then query and receive the whole data set instead of just what is part of their authorized security profile, resulting in Information Disclosure.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2764513
Scores
CVSS v3
6.5
EPSS
0.0027
EPSS Percentile
50.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (1)
sap/businessobjects_business_intelligence
4.2
Published
Aug 14, 2019
Tracked Since
Feb 18, 2026