CVE-2019-0352

{"id": "CVE-2019-0352", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-09-10T17:15:10.750", "references": [{"url": "https://launchpad.support.sap.com/#/notes/2735924", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via cache and can open the dynamic pages even after logout."}, {"lang": "es", "value": "En SAP Business Objects Business Intelligence Platform, versiones anteriores a 4.1, 4.2 y 4.3, algunas p\u00e1ginas din\u00e1micas (como jsp) son almacenadas en cach\u00e9, lo que conlleva a que un atacante pueda visualizar la informaci\u00f3n confidencial por medio de la cach\u00e9 y puede abrir las p\u00e1ginas din\u00e1micas incluso luego de cerrar sesi\u00f3n."}], "lastModified": "2019-09-11T12:20:29.977", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B376347-8275-422E-85EB-FFF06DD4B163"}, {"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94D99965-4042-45FB-9DD1-E2179BC2CB04"}, {"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8736E5E3-BF1A-4E3C-92B9-E81C4F7B4877"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}