CVE-2020-6221
https://notcve.org/view.php?id=CVE-2020-6221
Web Intelligence HTML interface in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. La interfaz Web Intelligence HTML en SAP Business Objects Business Intelligence Platform, versiones 4.1, 4.2, no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS). • https://launchpad.support.sap.com/#/notes/2878507 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-6223
https://notcve.org/view.php?id=CVE-2020-6223
The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. This can misdirect a user who is tricked into accessing these error pages rendered by the application, leading to Content Spoofing. El documento abierto de SAP Business Objects Business Intelligence Platform, versiones 4.1, 4.2, permite a un atacante modificar determinadas páginas de error para incluir contenido malicioso. Esto puede desviar a un usuario que es engañado para que acceda a estas páginas de error renderizadas por la aplicación, conllevando a una Suplantación de Contenido. • https://launchpad.support.sap.com/#/notes/2878507 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2020-6218
https://notcve.org/view.php?id=CVE-2020-6218
Admin tools and Query Builder in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to access information that should otherwise be restricted, leading to Information Disclosure. Las herramientas de administración y el Query Builder en SAP Business Objects Business Intelligence Platform, versiones 4.1, 4.2, permiten a un atacante acceder a información que de otra manera debería estar restringida, conllevando a una divulgación de información. • https://launchpad.support.sap.com/#/notes/2878507 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 •
CVE-2019-0398
https://notcve.org/view.php?id=CVE-2019-0398
Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery. Debido a una protección CSRF insuficiente, la plataforma SAP BusinessObjects Business Intelligence (Monitoring Application), versiones anteriores a 4.1, 4.2 y 4.3, puede conllevar a que un usuario autenticado envíe peticiones no deseadas al servidor web, conllevando a una vulnerabilidad de tipo Cross Site Request Forgery. • https://launchpad.support.sap.com/#/notes/2701027 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2019-0395
https://notcve.org/view.php?id=CVE-2019-0395
SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows execution of JavaScript in a text module in Fiori BI Launchpad, leading to Stored Cross Site Scripting vulnerability. La plataforma SAP BusinessObjects Business Intelligence (Fiori BI Launchpad), versiones anteriores a 4.2, permite una ejecución de JavaScript en un módulo de texto en Fiori BI Launchpad, lo que conlleva a una vulnerabilidad de tipo Cross Site Scripting Almacenada. • https://launchpad.support.sap.com/#/notes/2830578 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •