CVE-2018-2431
https://notcve.org/view.php?id=CVE-2018-2431
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP BusinessObjects Business Intelligence Suite 4.10 y 4.20 no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/104695 https://launchpad.support.sap.com/#/notes/2624762 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-2408
https://notcve.org/view.php?id=CVE-2018-2408
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active. Gestión incorrecta de sesión en SAP Business Objects, en su versión 4.0, desde la versión 4.20, 4.30, en CMC/BI Launchpad/Fiorified BI Launchpad. En el caso de que se cambie la contraseña de un usuario, el resto de sesiones activas creadas con la contraseña antigua seguirán estando activas. • http://www.securityfocus.com/bid/103700 https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018 https://launchpad.support.sap.com/#/notes/2537150 • CWE-384: Session Fixation •
CVE-2018-2397
https://notcve.org/view.php?id=CVE-2018-2397
In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting. En SAP Business Objects Business Intelligence Platform, en versiones 4.00, 4.10, 4.20 y 4.30, el CMC (Central Management Console) no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/103373 https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018 https://launchpad.support.sap.com/#/notes/2550538 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-16683
https://notcve.org/view.php?id=CVE-2017-16683
Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service. Denegación de servicio (DoS) en SAP Business Objects Platform, Enterprise 4.10 y 4.20, que podría permitir que un atacante evite que usuarios legítimos accedan a un servicio. • http://www.securityfocus.com/bid/102146 https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017 https://launchpad.support.sap.com/#/notes/2531656 •