CVE-2019-0240
https://notcve.org/view.php?id=CVE-2019-0240
SAP Business Objects Mobile for Android (before 6.3.5) application allows an attacker to provide malicious input in the form of a SAP BI link, preventing legitimate users from accessing the application by crashing it. La aplicación SAP Business Objects Mobile for Android (en versiones anteriores a la 6.3.5) permite a un atacante proporcionar entradas maliciosas en la forma de un enlace SAP BI, lo cual evita que usuarios legítimos accedan a la aplicación, forzando el cierre de la misma. • http://www.securityfocus.com/bid/106470 https://launchpad.support.sap.com/#/notes/2724059 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985 •
CVE-2018-2473
https://notcve.org/view.php?id=CVE-2018-2473
SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. SAP BusinessObjects Business Intelligence Platform Server, en versiones 4.1 y 4.2, al emplear el gateway de modo de nivel 3 Web Intelligence Richclient, permite que un atacante evite que usuarios legítimos accedan a un servicio, ya sea cerrándolo inesperadamente o inundando el servicio. • http://www.securityfocus.com/bid/105903 https://launchpad.support.sap.com/#/notes/2657670 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832 •
CVE-2018-2479
https://notcve.org/view.php?id=CVE-2018-2479
SAP BusinessObjects Business Intelligence Platform (BIWorkspace), versions 4.1 and 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP BusinessObjects Business Intelligence Platform (BIWorkspace) 4.1 y 4.2 no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/105902 https://launchpad.support.sap.com/#/notes/2676094 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-2483
https://notcve.org/view.php?id=CVE-2018-2483
HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console (CMC) by changing request method. Es posible la falsificación de verbos HTTP en SAP BusinessObjects Business Intelligence Platform 4.1 y 4.2, en Central Management Console (CMC) cambiando el método de petición. • http://www.securityfocus.com/bid/105899 https://launchpad.support.sap.com/#/notes/2647714 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832 • CWE-287: Improper Authentication •
CVE-2018-2472
https://notcve.org/view.php?id=CVE-2018-2472
SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP BusinessObjects Business Intelligence Platform 4.20 y 4.20 (cliente Web Intelligence DHTML) no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/105531 https://launchpad.support.sap.com/#/notes/2667103 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •