CVE-2020-6221
https://notcve.org/view.php?id=CVE-2020-6221
Web Intelligence HTML interface in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. La interfaz Web Intelligence HTML en SAP Business Objects Business Intelligence Platform, versiones 4.1, 4.2, no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS). • https://launchpad.support.sap.com/#/notes/2878507 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-6223
https://notcve.org/view.php?id=CVE-2020-6223
The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. This can misdirect a user who is tricked into accessing these error pages rendered by the application, leading to Content Spoofing. El documento abierto de SAP Business Objects Business Intelligence Platform, versiones 4.1, 4.2, permite a un atacante modificar determinadas páginas de error para incluir contenido malicioso. Esto puede desviar a un usuario que es engañado para que acceda a estas páginas de error renderizadas por la aplicación, conllevando a una Suplantación de Contenido. • https://launchpad.support.sap.com/#/notes/2878507 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2020-6218
https://notcve.org/view.php?id=CVE-2020-6218
Admin tools and Query Builder in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to access information that should otherwise be restricted, leading to Information Disclosure. Las herramientas de administración y el Query Builder en SAP Business Objects Business Intelligence Platform, versiones 4.1, 4.2, permiten a un atacante acceder a información que de otra manera debería estar restringida, conllevando a una divulgación de información. • https://launchpad.support.sap.com/#/notes/2878507 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 •
CVE-2019-0398
https://notcve.org/view.php?id=CVE-2019-0398
Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery. Debido a una protección CSRF insuficiente, la plataforma SAP BusinessObjects Business Intelligence (Monitoring Application), versiones anteriores a 4.1, 4.2 y 4.3, puede conllevar a que un usuario autenticado envíe peticiones no deseadas al servidor web, conllevando a una vulnerabilidad de tipo Cross Site Request Forgery. • https://launchpad.support.sap.com/#/notes/2701027 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2019-0396
https://notcve.org/view.php?id=CVE-2019-0396
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly filtered by Web Intelligence HTML interface in some specific workflows. SAP BusinessObjects Business Intelligence Platform (interfaz HTML de Web Intelligence), corregida en las versiones 4.1 y 4.2, no comprueba suficientemente un documento XML aceptado desde una fuente no segura. Un atacante puede crear un mensaje que contenga elementos maliciosos que no serán filtrados correctamente por parte de la interfaz HTML de Web Intelligence en algunos flujos de trabajo específicos. • https://launchpad.support.sap.com/#/notes/2814007 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390 • CWE-20: Improper Input Validation •