CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2458
https://notcve.org/view.php?id=CVE-2018-2458
Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to access information which would otherwise be restricted. En ciertas condiciones, en Crystal Report en SAP Business One 9.2 y 9.3, el tipo de conexión permite que un atacante acceda a información que normalmente estaría restringida. • http://www.securityfocus.com/bid/105307 https://launchpad.support.sap.com/#/notes/2670284 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993 •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2425
https://notcve.org/view.php?id=CVE-2018-2425
Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted. En ciertas condiciones, SAP Business One 9.2 y 9.3 para el servicio de copias de seguridad de SAP HANA permite que un atacante acceda a información que normalmente estaría restringida. • http://www.securityfocus.com/bid/104438 https://launchpad.support.sap.com/#/notes/2588475 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255 •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2410
https://notcve.org/view.php?id=CVE-2018-2410
SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability. En SAP Business One 9.2 y 9.3, el acceso al navegador no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/103704 https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018 https://launchpad.support.sap.com/#/notes/2582870 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •