The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intellignece allows remote attackers to obtain audit event details via unspecified vectors.
http://service.sap.com/sap/support/notes/0002011395
http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/