CVE-2024-33004

SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 3.4

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3449093	Permissions Required
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html	Patch
https://me.sap.com/notes/3449093	Permissions Required
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430::::-:::
	cpe:2.3:a:sap:businessobjects_business_intelligence_platform:440::::-:::

History

23 Oct 2025, 12:21

Type	Values Removed	Values Added
References	~~() https://me.sap.com/notes/3449093 -~~	() https://me.sap.com/notes/3449093 - Permissions Required
References	~~() https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html -~~	() https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html - Patch
CPE		cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430::::-::: cpe:2.3:a:sap:businessobjects_business_intelligence_platform:440::::-:::
First Time		Sap businessobjects Business Intelligence Platform Sap

Information

Published : 2024-05-14 16:17

Updated : 2025-10-23 12:21

NVD link : CVE-2024-33004

Mitre link : CVE-2024-33004

CVE.ORG link : CVE-2024-33004

JSON object : View

Products Affected

sap

businessobjects_business_intelligence_platform

CWE

CWE-524

Use of Cache Containing Sensitive Information

CWE-922

Insecure Storage of Sensitive Information

{"id": "CVE-2024-33004", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 0.9}]}, "published": "2024-05-14T16:17:13.957", "references": [{"url": "https://me.sap.com/notes/3449093", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", "tags": ["Patch"], "source": "cna@sap.com"}, {"url": "https://me.sap.com/notes/3449093", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-524"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-922"}]}], "descriptions": [{"lang": "en", "value": "SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on Confidentiality, Integrity and Availability of the application."}, {"lang": "es", "value": "SAP Business Objects Business Intelligence Platform es vulnerable al almacenamiento inseguro, ya que las p\u00e1ginas web din\u00e1micas se almacenan en cach\u00e9 incluso despu\u00e9s de cerrar la sesi\u00f3n. Si la explotaci\u00f3n tiene \u00e9xito, el atacante puede ver la informaci\u00f3n confidencial a trav\u00e9s del cach\u00e9 y abrir las p\u00e1ginas, lo que provoca un impacto limitado en la confidencialidad, la integridad y la disponibilidad de la aplicaci\u00f3n."}], "lastModified": "2025-10-23T12:21:52.390", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:430:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "4AA1BB94-FF0C-4D4D-A8EC-F0D8505B966C"}, {"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:440:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "0670A535-8FDB-45FD-9443-1F24BB5A7E65"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}