CVE-2024-33004

MEDIUM

SAP Business Objects - Info Disclosure

Title source: llm

Description

SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application.

References (2)

[Permissions Required] https://me.sap.com/notes/3449093

[Patch] https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html

Scores

CVSS v3 4.3

EPSS 0.0006

EPSS Percentile 18.9%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-524 CWE-922

Status published

Products (2)

sap/businessobjects_business_intelligence_platform 430

sap/businessobjects_business_intelligence_platform 440

Published May 14, 2024

Tracked Since Feb 18, 2026