CVE-2019-0269
https://notcve.org/view.php?id=CVE-2019-0269
SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.10 and 4.20, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. • http://www.securityfocus.com/bid/107359 https://launchpad.support.sap.com/#/notes/2693962 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-0268
https://notcve.org/view.php?id=CVE-2019-0268
SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source. • http://www.securityfocus.com/bid/107364 https://launchpad.support.sap.com/#/notes/2689259 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080 • CWE-91: XML Injection (aka Blind XPath Injection)
CVE-2019-0251
https://notcve.org/view.php?id=CVE-2019-0251
The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. • http://www.securityfocus.com/bid/106993 https://launchpad.support.sap.com/#/notes/2638175 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-0259
https://notcve.org/view.php?id=CVE-2019-0259
SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation. • http://www.securityfocus.com/bid/106997 https://launchpad.support.sap.com/#/notes/2727564 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2019-0262
https://notcve.org/view.php?id=CVE-2019-0262
SAP WebIntelligence BILaunchPad, versions 4.10 and 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in a Cross-Site Scripting (XSS) vulnerability. • http://www.securityfocus.com/bid/106998 https://launchpad.support.sap.com/#/notes/2696714 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')