CVE-2018-2471
https://notcve.org/view.php?id=CVE-2018-2471
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted. En ciertas condiciones, SAP BusinessObjects Business Intelligence Platform, en versiones 4.10 y 4.20, permite que un atacante acceda a información que normalmente estaría restringida. • http://www.securityfocus.com/bid/105530 https://launchpad.support.sap.com/#/notes/2654905 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095 •
CVE-2018-2397
https://notcve.org/view.php?id=CVE-2018-2397
In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting. En SAP Business Objects Business Intelligence Platform, en versiones 4.00, 4.10, 4.20 y 4.30, el CMC (Central Management Console) no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/103373 https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018 https://launchpad.support.sap.com/#/notes/2550538 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •