CVE-2019-0346

Name of the Vulnerable Software and Affected Versions SAP Business Objects Business Intelligence Platform (Central Management Console) version 4.2

Description The issue is related to an unencrypted communication error, which leads to the disclosure of a list of user names and roles imported from SAP NetWeaver BI systems, resulting in information disclosure. The vulnerability in the Central Management Console component is associated with a lack of protection for service data, allowing a remote attacker to gain unauthorized access to protected information.

Recommendations For version 4.2, consider implementing encrypted communication to protect service data and prevent information disclosure. As a temporary workaround, restrict access to the Central Management Console to minimize the risk of exploitation.