During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Availability.
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Businessobjects | Sap | 420 (including) | 420 (including) |
Businessobjects | Sap | 430 (including) | 430 (including) |
Businessobjects_business_intelligence | Sap | 420 (including) | 420 (including) |
Businessobjects_business_intelligence | Sap | 430 (including) | 430 (including) |