CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0CVE-2019-0376
https://notcve.org/view.php?id=CVE-2019-0376
08 Oct 2019 — SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in Stored Cross-Site Scripting. SAP BusinessObjects Business Intelligence Platform (interfaz Web Intelligence HTML), versiones anteriores a 4.2 y 4.3, no codifica suficientemente las entradas controladas por el usuario... • https://launchpad.support.sap.com/#/notes/2817945 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0CVE-2019-0375
https://notcve.org/view.php?id=CVE-2019-0375
08 Oct 2019 — SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in reflected Cross-Site Scripting. SAP BusinessObjects Business Intelligence Platform (interfaz Web Intelligence HTML), versiones anteriores a 4.2 y 4.3, no codifica suficientemente las entradas controladas por el usuario y permite la ejecución de scripts en ... • https://launchpad.support.sap.com/#/notes/2817945 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0CVE-2019-0374
https://notcve.org/view.php?id=CVE-2019-0374
08 Oct 2019 — SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting SAP BusinessObjects Business Intelligence Platform (interfaz Web Intelligence HTML), versiones anteriores a 4.2 y 4.3, no codifica suficientemente las entradas controladas por el usuario y permite la ejecución de scripts en el título del gráfico, res... • https://launchpad.support.sap.com/#/notes/2817945 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-0352
https://notcve.org/view.php?id=CVE-2019-0352
10 Sep 2019 — In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via cache and can open the dynamic pages even after logout. En SAP Business Objects Business Intelligence Platform, versiones anteriores a 4.1, 4.2 y 4.3, algunas páginas dinámicas (como jsp) son almacenadas en caché, lo que conlleva a que un atacante pueda visualizar la información confidencial por medio de la caché ... • https://launchpad.support.sap.com/#/notes/2735924 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-0348
https://notcve.org/view.php?id=CVE-2019-0348
14 Aug 2019 — SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted. SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versiones 4.1, 4.2, puede acceder a la base de datos con conexión sin cifrar, incluso si la calidad de la protección debe ser cifrada. • https://launchpad.support.sap.com/#/notes/2751470 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-0346
https://notcve.org/view.php?id=CVE-2019-0346
14 Aug 2019 — Unencrypted communication error in SAP Business Objects Business Intelligence Platform (Central Management Console), version 4.2, leads to disclosure of list of user names and roles imported from SAP NetWeaver BI systems, resulting in Information Disclosure. Error de comunicación no cifrada en SAP Business Objects Business Intelligence Platform (Central Management Console), versión 4.2, conlleva a la divulgación de la lista de nombres de usuario y roles importados desde los sistemas SAP NetWeaver BI, result... • https://launchpad.support.sap.com/#/notes/2764513 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2019-0334
https://notcve.org/view.php?id=CVE-2019-0334
14 Aug 2019 — When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via session hijacking. The attacker could also access other sensitive information, leading to Stored Cross Site Scripting. Cuando se crea un módulo en SAP BusinessObjects Business Intelligence Platform (BI Workspace), versiones 4.1, 4.2, 4.3, es posible almacenar un scrip... • https://launchpad.support.sap.com/#/notes/2771221 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-0333
https://notcve.org/view.php?id=CVE-2019-0333
14 Aug 2019 — In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.2, 4.3, the attacker can then query and receive the whole data set instead of just what is part of their authorized security profile, resulting in Information Disclosure. En algunas situaciones, cuando un cliente cancela una consulta en SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versiones 4.2, 4.3, el atacante puede entonces consultar y recibir to... • https://launchpad.support.sap.com/#/notes/2764513 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-0335
https://notcve.org/view.php?id=CVE-2019-0335
14 Aug 2019 — Under certain conditions SAP BusinessObjects Business Intelligence Platform (Central Management Console), versions 4.1, 4.2, 4.3, allows an attacker to store a malicious payload within the description field of a user account. The payload is triggered when the mouse cursor is moved over the description field in the list, when generating the little yellow informational pop up box, resulting in Stored Cross Site Scripting Attack. Bajo determinadas condiciones SAP BusinessObjects Business Intelligence Platform ... • https://launchpad.support.sap.com/#/notes/2742468 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-0332
https://notcve.org/view.php?id=CVE-2019-0332
14 Aug 2019 — SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an attacker to give some payload for keyword in the search and it will be executed while search performs its action, resulting in Cross-Site Scripting (XSS) vulnerability. SAP BusinessObjects Business Intelligence Platform (Info View), versiones 4.1, 4.2, 4.3, permite a un atacante entregar alguna carga útil para la palabra clave en la búsqueda y será ejecutada mientras la búsqueda realiza su acción, lo que result... • https://launchpad.support.sap.com/#/notes/2742468 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •