CVE-2024-33004

{"id": "CVE-2024-33004", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 0.9}]}, "published": "2024-05-14T16:17:13.957", "references": [{"url": "https://me.sap.com/notes/3449093", "source": "cna@sap.com"}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", "source": "cna@sap.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-524"}]}, {"type": "Primary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-922"}]}], "descriptions": [{"lang": "en", "value": "SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application."}, {"lang": "es", "value": "SAP Business Objects Business Intelligence Platform es vulnerable al almacenamiento inseguro, ya que las p\u00e1ginas web din\u00e1micas se almacenan en cach\u00e9 incluso despu\u00e9s de cerrar la sesi\u00f3n. Si la explotaci\u00f3n tiene \u00e9xito, el atacante puede ver la informaci\u00f3n confidencial a trav\u00e9s del cach\u00e9 y abrir las p\u00e1ginas, lo que provoca un impacto limitado en la confidencialidad, la integridad y la disponibilidad de la aplicaci\u00f3n."}], "lastModified": "2024-09-28T23:15:13.420", "sourceIdentifier": "cna@sap.com"}