CVE-2018-2408
https://notcve.org/view.php?id=CVE-2018-2408
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of a password change for a user, all other active sessions created using the older password continue to be active. • http://www.securityfocus.com/bid/103700 https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018 https://launchpad.support.sap.com/#/notes/2537150 • CWE-384: Session Fixation
CVE-2018-2397
https://notcve.org/view.php?id=CVE-2018-2397
In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting. • http://www.securityfocus.com/bid/103373 https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018 https://launchpad.support.sap.com/#/notes/2550538 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-16683
https://notcve.org/view.php?id=CVE-2017-16683
Denial of Service (DoS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service. • http://www.securityfocus.com/bid/102146 https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017 https://launchpad.support.sap.com/#/notes/2531656
CVE-2017-14516
https://notcve.org/view.php?id=CVE-2017-14516
Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292. • https://blogs.sap.com/2017/06/13/sap-security-patch-day-june2017 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-6061 – SAP BusinessObjects Financial Consolidation 10.0.0.1933 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2017-6061
Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET request. /finance/help/en/frameset.htm is the URI for this component. The vendor response is SAP Security Note 2368106. • http://packetstormsecurity.com/files/141349/SAP-BusinessObjects-Financial-Consolidation-10.0.0.1933-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2017/Feb/69 http://www.securityfocus.com/bid/96461 http://www.securitytracker.com/id/1037910 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')