CVE-2020-6216
https://notcve.org/view.php?id=CVE-2020-6216
SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. SAP Business Objects Business Intelligence Platform (BI Launchpad), versión 4.2, no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) reflejada. • https://launchpad.support.sap.com/#/notes/2876059 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-6221
https://notcve.org/view.php?id=CVE-2020-6221
Web Intelligence HTML interface in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. La interfaz Web Intelligence HTML en SAP Business Objects Business Intelligence Platform, versiones 4.1, 4.2, no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS). • https://launchpad.support.sap.com/#/notes/2878507 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-6223
https://notcve.org/view.php?id=CVE-2020-6223
The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. This can misdirect a user who is tricked into accessing these error pages rendered by the application, leading to Content Spoofing. El documento abierto de SAP Business Objects Business Intelligence Platform, versiones 4.1, 4.2, permite a un atacante modificar determinadas páginas de error para incluir contenido malicioso. Esto puede desviar a un usuario que es engañado para que acceda a estas páginas de error renderizadas por la aplicación, conllevando a una Suplantación de Contenido. • https://launchpad.support.sap.com/#/notes/2878507 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2020-6218
https://notcve.org/view.php?id=CVE-2020-6218
Admin tools and Query Builder in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to access information that should otherwise be restricted, leading to Information Disclosure. Las herramientas de administración y el Query Builder en SAP Business Objects Business Intelligence Platform, versiones 4.1, 4.2, permiten a un atacante acceder a información que de otra manera debería estar restringida, conllevando a una divulgación de información. • https://launchpad.support.sap.com/#/notes/2878507 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 •
CVE-2020-6189
https://notcve.org/view.php?id=CVE-2020-6189
Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that can give enterprise private-network related information which would otherwise be restricted leading to Information Disclosure. Determinadas páginas de configuración en SAP Business Objects Business Intelligence Platform (CMC), versión 4.2, genera mensajes de error que pueden proporcionar información relacionada con la red privada de la empresa que de otro modo se restringiría, conllevando a una Divulgación de Información. • https://launchpad.support.sap.com/#/notes/2695210 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 • CWE-209: Generation of Error Message Containing Sensitive Information •