CVE-2018-2471
https://notcve.org/view.php?id=CVE-2018-2471
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted. En ciertas condiciones, SAP BusinessObjects Business Intelligence Platform, en versiones 4.10 y 4.20, permite que un atacante acceda a información que normalmente estaría restringida. • http://www.securityfocus.com/bid/105530 https://launchpad.support.sap.com/#/notes/2654905 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095 •
CVE-2018-2427
https://notcve.org/view.php?id=CVE-2018-2427
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. SAP BusinessObjects Business Intelligence Suite, en versiones 4.10 y 4.20, y SAP Crystal Reports (versión para Visual Studio .NET, Version 2010) permite que un atacante inyecte código que puede ser ejecutado por la aplicación. Un atacante podría, por lo tanto, controlar el comportamiento de la aplicación. • http://www.securityfocus.com/bid/104715 https://launchpad.support.sap.com/#/notes/2620738 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2018-2431
https://notcve.org/view.php?id=CVE-2018-2431
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP BusinessObjects Business Intelligence Suite 4.10 y 4.20 no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/104695 https://launchpad.support.sap.com/#/notes/2624762 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-2408
https://notcve.org/view.php?id=CVE-2018-2408
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues to be active. Gestión incorrecta de sesión en SAP Business Objects, en su versión 4.0, desde la versión 4.20, 4.30, en CMC/BI Launchpad/Fiorified BI Launchpad. En el caso de que se cambie la contraseña de un usuario, el resto de sesiones activas creadas con la contraseña antigua seguirán estando activas. • http://www.securityfocus.com/bid/103700 https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018 https://launchpad.support.sap.com/#/notes/2537150 • CWE-384: Session Fixation •
CVE-2018-2397
https://notcve.org/view.php?id=CVE-2018-2397
In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting. En SAP Business Objects Business Intelligence Platform, en versiones 4.00, 4.10, 4.20 y 4.30, el CMC (Central Management Console) no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/103373 https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018 https://launchpad.support.sap.com/#/notes/2550538 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •