CVE-2020-6231
https://notcve.org/view.php?id=CVE-2020-6231
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP Business Objects Business Intelligence Platform (interfaz Web Intelligence HTML), versión 4.2, no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS). • https://launchpad.support.sap.com/#/notes/2879132 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-6227
https://notcve.org/view.php?id=CVE-2020-6227
SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows attacker to send specially crafted GIOP packets to several services due to Improper Input Validation, allowing to forge additional entries in GLF log files. SAP Business Objects Business Intelligence Platform (problemas de CMS / Auditing), versión 4.2, permite a un atacante enviar paquetes GIOP especialmente diseñados hacia varios servicios debido a una Comprobación de Entrada Inapropiada, permitiendo falsificar entradas adicionales en archivos de registro GLF. • https://launchpad.support.sap.com/#/notes/2863396 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 • CWE-20: Improper Input Validation CWE-116: Improper Encoding or Escaping of Output •
CVE-2020-6219
https://notcve.org/view.php?id=CVE-2020-6219
SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform deserialization attack in the application, leading to service interruptions and denial of service and unauthorized execution of arbitrary commands, leading to Deserialization of Untrusted Data. SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versiones 4.1, 4.2 y Crystal Reports para VS versión 2010, permite a un atacante con autorización básica llevar a cabo ataques de deserialización en la aplicación, conllevando a interrupciones del servicio y una denegación de servicio y a una ejecución no autorizada de comandos arbitrarios, conllevando a la deserialización de datos no confiables. • https://launchpad.support.sap.com/#/notes/2863731 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 • CWE-502: Deserialization of Untrusted Data •
CVE-2020-6222
https://notcve.org/view.php?id=CVE-2020-6222
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP Business Objects Business Intelligence Platform (interfaz Web Intelligence HTML), versiones 4.1, 4.2, no codifica suficientemente las entradas controladas por el usuario, resultando en vulnerabilidad de tipo Cross-Site Scripting (XSS). • https://launchpad.support.sap.com/#/notes/2880804 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-6216
https://notcve.org/view.php?id=CVE-2020-6216
SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. SAP Business Objects Business Intelligence Platform (BI Launchpad), versión 4.2, no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) reflejada. • https://launchpad.support.sap.com/#/notes/2876059 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •