PT-2019-4450 · Sap · Sap Netweaver+1

Published

2019-08-13

Updated

2020-08-24

CVE-2019-0346

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions SAP Business Objects Business Intelligence Platform (Central Management Console) version 4.2

Description The issue is related to an unencrypted communication error, which leads to the disclosure of a list of user names and roles imported from SAP NetWeaver BI systems, resulting in information disclosure. The vulnerability in the Central Management Console component is associated with a lack of protection for service data, allowing a remote attacker to gain unauthorized access to protected information.

Recommendations For version 4.2, consider implementing encrypted communication to protect service data and prevent information disclosure. As a temporary workaround, restrict access to the Central Management Console to minimize the risk of exploitation.

Fix

Cleartext Transmission of Sensitive Information

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319CWE-200

Related Identifiers

BDU:2020-00237

CVE-2019-0346

Affected Products

Sap Businessobjects Business Intelligence Platform

Sap Netweaver

PT-2019-4450 · Sap · Sap Netweaver+1

CVE-2019-0346

Weakness Enumeration

Related Identifiers

Affected Products

References · 6