CVE-2018-2425
https://notcve.org/view.php?id=CVE-2018-2425
Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted. En ciertas condiciones, SAP Business One 9.2 y 9.3 para el servicio de copias de seguridad de SAP HANA permite que un atacante acceda a información que normalmente estaría restringida. • http://www.securityfocus.com/bid/104438 https://launchpad.support.sap.com/#/notes/2588475 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255 •
CVE-2018-2410
https://notcve.org/view.php?id=CVE-2018-2410
SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability. En SAP Business One 9.2 y 9.3, el acceso al navegador no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/103704 https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018 https://launchpad.support.sap.com/#/notes/2582870 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •