CVE-2019-0326
https://notcve.org/view.php?id=CVE-2019-0326
SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise), versions 4.1, 4.2, 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise), versiones 4.1, 4.2, 4.3, no codifica de manera suficiente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo cross-site scripting (XSS). • http://www.securityfocus.com/bid/109072 https://launchpad.support.sap.com/#/notes/2764733 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-0268
https://notcve.org/view.php?id=CVE-2019-0268
SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source. SAP BusinessObjects Business Intelligence Platform (CMC Module), en versiones 4.10, 4.20 y 4.30, no valida de manera suficiente un documento XML recibido desde una fuente no fiable. • http://www.securityfocus.com/bid/107364 https://launchpad.support.sap.com/#/notes/2689259 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080 • CWE-91: XML Injection (aka Blind XPath Injection) •
CVE-2018-2432
https://notcve.org/view.php?id=CVE-2018-2432
SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including: cross-site scripting and page hijacking. SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) 4.10, 4.20 y 4.30 permite que un atacante incluya datos no validados en la cabecera de respuesta HTTP enviada a un usuario web. La explotación con éxito de esta vulnerabilidad podría desembocar en ataques avanzados, incluyendo Cross-Site Scripting (XSS) y el secuestro de páginas. • http://www.securityfocus.com/bid/104716 https://launchpad.support.sap.com/#/notes/2523290 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •