CVE-2018-2447
https://notcve.org/view.php?id=CVE-2018-2447
SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database. SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), versión 4.2, permite que un atacante ejecute consultas InfoObject manipuladas, exponiendo la base de datos CMS InfoObjects. • http://www.securityfocus.com/bid/105075 https://launchpad.support.sap.com/#/notes/2644154 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2018-2432
https://notcve.org/view.php?id=CVE-2018-2432
SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including: cross-site scripting and page hijacking. SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) 4.10, 4.20 y 4.30 permite que un atacante incluya datos no validados en la cabecera de respuesta HTTP enviada a un usuario web. La explotación con éxito de esta vulnerabilidad podría desembocar en ataques avanzados, incluyendo Cross-Site Scripting (XSS) y el secuestro de páginas. • http://www.securityfocus.com/bid/104716 https://launchpad.support.sap.com/#/notes/2523290 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-2408
https://notcve.org/view.php?id=CVE-2018-2408
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active. Gestión incorrecta de sesión en SAP Business Objects, en su versión 4.0, desde la versión 4.20, 4.30, en CMC/BI Launchpad/Fiorified BI Launchpad. En el caso de que se cambie la contraseña de un usuario, el resto de sesiones activas creadas con la contraseña antigua seguirán estando activas. • http://www.securityfocus.com/bid/103700 https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018 https://launchpad.support.sap.com/#/notes/2537150 • CWE-384: Session Fixation •