CVE-2019-0398
https://notcve.org/view.php?id=CVE-2019-0398
Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead an authenticated user to send unintended requests to the web server, resulting in Cross-Site Request Forgery.
• https://launchpad.support.sap.com/#/notes/2701027
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2019-0395
https://notcve.org/view.php?id=CVE-2019-0395
SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows execution of JavaScript in a text module in Fiori BI Launchpad, leading to a Stored Cross-Site Scripting vulnerability.
• https://launchpad.support.sap.com/#/notes/2830578
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-0396
https://notcve.org/view.php?id=CVE-2019-0396
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly filtered by Web Intelligence HTML interface in some specific workflows.
• https://launchpad.support.sap.com/#/notes/2814007
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390
• CWE-20: Improper Input Validation
CVE-2019-0382
https://notcve.org/view.php?id=CVE-2019-0382
A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform (Web Intelligence-Publication related pages); corrected in version 4.2. Privileges are required in order to exploit this vulnerability.
• https://launchpad.support.sap.com/#/notes/2817937
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-0378
https://notcve.org/view.php?id=CVE-2019-0378
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image, resulting in Stored Cross-Site Scripting.
• https://launchpad.support.sap.com/#/notes/2817945
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')