CVE-2019-0326
https://notcve.org/view.php?id=CVE-2019-0326
SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise), versions 4.1, 4.2, 4.3, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
• http://www.securityfocus.com/bid/109072
• https://launchpad.support.sap.com/#/notes/2764733
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-0303
https://notcve.org/view.php?id=CVE-2019-0303
SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3: the module BILogon/appService.jsp reflects the requested parameter errMsg into the response content without sanitization. An attacker could use this to build a special URL that executes custom JavaScript code when the URL is accessed.
• https://launchpad.support.sap.com/#/notes/2637997
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-0289
https://notcve.org/view.php?id=CVE-2019-0289
Under certain conditions, SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.
• https://launchpad.support.sap.com/#/notes/2738796
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032
CVE-2019-0287
https://notcve.org/view.php?id=CVE-2019-0287
Under certain conditions, SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.
• http://www.securityfocus.com/bid/108316
• https://launchpad.support.sap.com/#/notes/2737278
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032
CVE-2019-0268
https://notcve.org/view.php?id=CVE-2019-0268
SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source.
• http://www.securityfocus.com/bid/107364
• https://launchpad.support.sap.com/#/notes/2689259
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080
• CWE-91: XML Injection (aka Blind XPath Injection)