CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-6242
https://notcve.org/view.php?id=CVE-2020-6242
SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check. SAP Business Objects Business Intelligence Platform (Live Data Connect), versiones 1.0, 2.0, 2.1, 2.2, 2.3, permite a un atacante entrar en la Central Management Console sin contraseña en caso de que el servidor de aplicaciones BIPRWS no estuviera protegido con algún certificado específico, conllevando a una Falta de Comprobación de Autenticación • https://launchpad.support.sap.com/#/notes/2885244 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-0395
https://notcve.org/view.php?id=CVE-2019-0395
SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows execution of JavaScript in a text module in Fiori BI Launchpad, leading to Stored Cross Site Scripting vulnerability. La plataforma SAP BusinessObjects Business Intelligence (Fiori BI Launchpad), versiones anteriores a 4.2, permite una ejecución de JavaScript en un módulo de texto en Fiori BI Launchpad, lo que conlleva a una vulnerabilidad de tipo Cross Site Scripting Almacenada. • https://launchpad.support.sap.com/#/notes/2830578 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-0382
https://notcve.org/view.php?id=CVE-2019-0382
A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform (Web Intelligence-Publication related pages); corrected in version 4.2. Privileges are required in order to exploit this vulnerability. Existe una vulnerabilidad de tipo Cross-Site Scripting en SAP BusinessObjects Business Intelligence Platform (páginas relacionadas con Web Intelligence-Publication); corregido en la versión 4.2. Se requieren privilegios para explotar esta vulnerabilidad. • https://launchpad.support.sap.com/#/notes/2817937 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •