
CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Aug 2018 — SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database. • http://www.securityfocus.com/bid/105075 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

14 Aug 2018 — SAP BusinessObjects Financial Consolidation, versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. • http://www.securityfocus.com/bid/105087 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

10 Jul 2018 — SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. • http://www.securityfocus.com/bid/104715 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Jul 2018 — SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. • http://www.securityfocus.com/bid/104695 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 3 • EXPL: 0

10 Jul 2018 — SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include unvalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including cross-site scripting and page hijacking. • http://www.securityfocus.com/bid/104716 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

10 Apr 2018 — Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of a password change for a user, all other active sessions created using the older password continue to be active. • http://www.securityfocus.com/bid/103700 • CWE-384: Session Fixation

CVSS: 5.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

14 Mar 2018 — In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user-controlled inputs, which results in Cross-Site Scripting. • http://www.securityfocus.com/bid/103373 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

12 Dec 2017 — Denial of Service (DoS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service. • http://www.securityfocus.com/bid/102146

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Dec 2017 — Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292. • https://blogs.sap.com/2017/06/13/sap-security-patch-day-june2017 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.7 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Feb 2017 — Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET request. /finance/help/en/frameset.htm is the URI for this component. The vendor response is SAP Security Note 2368106. • https://packetstorm.news/files/id/141349 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')