During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Availability.
The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Businessobjects_business_intelligence | Sap | 420 | 420 |
Businessobjects_business_intelligence | Sap | 430 | 430 |
Businessobjects | Sap | 430 | 430 |
Businessobjects | Sap | 420 | 420 |