CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-0348
https://notcve.org/view.php?id=CVE-2019-0348
14 Aug 2019 — SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted. SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versiones 4.1, 4.2, puede acceder a la base de datos con conexión sin cifrar, incluso si la calidad de la protección debe ser cifrada. • https://launchpad.support.sap.com/#/notes/2751470 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2019-0334
https://notcve.org/view.php?id=CVE-2019-0334
14 Aug 2019 — When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via session hijacking. The attacker could also access other sensitive information, leading to Stored Cross Site Scripting. Cuando se crea un módulo en SAP BusinessObjects Business Intelligence Platform (BI Workspace), versiones 4.1, 4.2, 4.3, es posible almacenar un scrip... • https://launchpad.support.sap.com/#/notes/2771221 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-0335
https://notcve.org/view.php?id=CVE-2019-0335
14 Aug 2019 — Under certain conditions SAP BusinessObjects Business Intelligence Platform (Central Management Console), versions 4.1, 4.2, 4.3, allows an attacker to store a malicious payload within the description field of a user account. The payload is triggered when the mouse cursor is moved over the description field in the list, when generating the little yellow informational pop up box, resulting in Stored Cross Site Scripting Attack. Bajo determinadas condiciones SAP BusinessObjects Business Intelligence Platform ... • https://launchpad.support.sap.com/#/notes/2742468 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-0332
https://notcve.org/view.php?id=CVE-2019-0332
14 Aug 2019 — SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an attacker to give some payload for keyword in the search and it will be executed while search performs its action, resulting in Cross-Site Scripting (XSS) vulnerability. SAP BusinessObjects Business Intelligence Platform (Info View), versiones 4.1, 4.2, 4.3, permite a un atacante entregar alguna carga útil para la palabra clave en la búsqueda y será ejecutada mientras la búsqueda realiza su acción, lo que result... • https://launchpad.support.sap.com/#/notes/2742468 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-0331
https://notcve.org/view.php?id=CVE-2019-0331
14 Aug 2019 — Under certain conditions, SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, allows an attacker to access sensitive data such as directory structure, leading to Information Disclosure. Bajo determinadas condiciones, SAP BusinessObjects Business Intelligence Platform (BI Workspace), versiones 4.1, 4.2, 4.3, permite a un atacante acceder a datos confidenciales tal y como la estructura de directorios, conllevando a la Divulgación de Información. • https://launchpad.support.sap.com/#/notes/2742468 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-0326
https://notcve.org/view.php?id=CVE-2019-0326
10 Jul 2019 — SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise), versions 4.1, 4.2, 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise), versiones 4.1, 4.2, 4.3, no codifica de manera suficiente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo cross-site scripting (XSS). • http://www.securityfocus.com/bid/109072 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-0268
https://notcve.org/view.php?id=CVE-2019-0268
12 Mar 2019 — SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source. SAP BusinessObjects Business Intelligence Platform (CMC Module), en versiones 4.10, 4.20 y 4.30, no valida de manera suficiente un documento XML recibido desde una fuente no fiable. • http://www.securityfocus.com/bid/107364 • CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2483
https://notcve.org/view.php?id=CVE-2018-2483
13 Nov 2018 — HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console (CMC) by changing request method. Es posible la falsificación de verbos HTTP en SAP BusinessObjects Business Intelligence Platform 4.1 y 4.2, en Central Management Console (CMC) cambiando el método de petición. • http://www.securityfocus.com/bid/105899 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2473
https://notcve.org/view.php?id=CVE-2018-2473
13 Nov 2018 — SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. SAP BusinessObjects Business Intelligence Platform Server, en versiones 4.1 y 4.2, al emplear el gateway de modo de nivel 3 Web Intelligence Richclient, permite que un atacante evite que usuarios legítimos accedan a un servicio, ya sea cerrándolo inesper... • http://www.securityfocus.com/bid/105903 •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-2442
https://notcve.org/view.php?id=CVE-2018-2442
14 Aug 2018 — In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid. En SAP BusinessObjects Business Intelligence, en versiones 4.0, 4.1 y 4.2, mientras se visualiza un informe Web Intelligence del BI Launchpad, los detalles de la sesión de usuario capturados por una herramienta de análisis HTTP podrían reutilizarse en... • http://www.securityfocus.com/bid/105078 • CWE-352: Cross-Site Request Forgery (CSRF) •