{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-33004", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2024-04-23T04:04:25.521Z", "datePublished": "2024-05-14T04:00:25.081Z", "dateUpdated": "2024-09-28T22:29:25.011Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP BusinessObjects Business Intelligence Platform (Webservices)", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "430"}, {"status": "affected", "version": "440"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application."}], "value": "SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-524", "description": "CWE-524: Use of Cache Containing Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-09-28T22:29:25.011Z"}, "references": [{"url": "https://me.sap.com/notes/3449093"}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices)", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-33004", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-14T15:06:53.672462Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:sap_se:sap_business_objects_business_intgelligence_platform:430:*:*:*:*:*:*:*"], "vendor": "sap_se", "product": "sap_business_objects_business_intgelligence_platform", "versions": [{"status": "affected", "version": "430"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:sap_se:sap_business_objects_business_intgelligence_platform:440:*:*:*:*:*:*:*"], "vendor": "sap_se", "product": "sap_business_objects_business_intgelligence_platform", "versions": [{"status": "affected", "version": "440"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-922", "description": "CWE-922 Insecure Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:44:43.596Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:27:53.306Z"}, "title": "CVE Program Container", "references": [{"url": "https://me.sap.com/notes/3449093", "tags": ["x_transferred"]}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://me.sap.com/notes/3449093", "tags": ["x_transferred"]}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:27:53.306Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-33004", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-14T15:06:53.672462Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:sap_se:sap_business_objects_business_intgelligence_platform:430:*:*:*:*:*:*:*"], "vendor": "sap_se", "product": "sap_business_objects_business_intgelligence_platform", "versions": [{"status": "affected", "version": "430"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:sap_se:sap_business_objects_business_intgelligence_platform:440:*:*:*:*:*:*:*"], "vendor": "sap_se", "product": "sap_business_objects_business_intgelligence_platform", "versions": [{"status": "affected", "version": "440"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-922", "description": "CWE-922 Insecure Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-14T14:44:20.834Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Insecure Storage vulnerability in SAP BusinessObjects Business Intelligence Platform (Webservices)", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP BusinessObjects Business Intelligence Platform (Webservices)", "versions": [{"status": "affected", "version": "430"}, {"status": "affected", "version": "440"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3449093"}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application.", "supportingMedia": [{"type": "text/html", "value": "SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-524", "description": "CWE-524: Use of Cache Containing Sensitive Information"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-09-28T22:29:25.011Z"}}}, "cveMetadata": {"cveId": "CVE-2024-33004", "state": "PUBLISHED", "dateUpdated": "2024-09-28T22:29:25.011Z", "dateReserved": "2024-04-23T04:04:25.521Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2024-05-14T04:00:25.081Z", "assignerShortName": "sap"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application."}, {"lang": "es", "value": "SAP Business Objects Business Intelligence Platform es vulnerable al almacenamiento inseguro, ya que las p\u00e1ginas web din\u00e1micas se almacenan en cach\u00e9 incluso despu\u00e9s de cerrar la sesi\u00f3n. Si la explotaci\u00f3n tiene \u00e9xito, el atacante puede ver la informaci\u00f3n confidencial a trav\u00e9s del cach\u00e9 y abrir las p\u00e1ginas, lo que provoca un impacto limitado en la confidencialidad, la integridad y la disponibilidad de la aplicaci\u00f3n."}], "id": "CVE-2024-33004", "lastModified": "2024-09-28T23:15:13.420", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.4, "source": "cna@sap.com", "type": "Secondary"}]}, "published": "2024-05-14T16:17:13.957", "references": [{"source": "cna@sap.com", "url": "https://me.sap.com/notes/3449093"}, {"source": "cna@sap.com", "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-524"}], "source": "cna@sap.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-922"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Primary"}]}

{}