In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.2, 4.3, the attacker can then query and receive the whole data set instead of just what is part of their authorized security profile, resulting in Information Disclosure.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/2764513 | Permissions Required Vendor Advisory |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2019-08-14T13:47:36
Updated: 2019-08-14T13:47:36
Reserved: 2018-11-26T00:00:00
Link: CVE-2019-0333
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-08-14T14:15:15.607
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-0333
JSON object: View
Redhat Information
No data.
CWE