SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application.
The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Businessobjects_business_intelligence_platform | Sap | 430 (including) | 430 (including) |
| Businessobjects_business_intelligence_platform | Sap | 440 (including) | 440 (including) |