CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-33696
https://notcve.org/view.php?id=CVE-2021-33696
15 Sep 2021 — SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions - 420, 430, does not sufficiently encode user controlled inputs and therefore an authorized attacker can exploit a XSS vulnerability, leading to non-permanently deface or modify displayed content from a Web site. SAP BusinessObjects Business Intelligence Platform (Crystal Report), versiones - 420, 430, no codifica suficientemente las entradas controladas por el usuario y, por lo tanto, un atacante autorizado puede explotar una vul... • https://launchpad.support.sap.com/#/notes/3062085 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-33667
https://notcve.org/view.php?id=CVE-2021-33667
14 Jul 2021 — Under certain conditions, SAP Business Objects Web Intelligence (BI Launchpad) versions - 420, 430, allows an attacker to access jsp source code, through SDK calls, of Analytical Reporting bundle, a part of the frontend application, which would otherwise be restricted. Bajo determinadas condiciones, SAP Business Objects Web Intelligence (BI Launchpad) versiones 420 y 430, permiten a un atacante acceder al código fuente jsp, mediante llamadas al SDK, del paquete Analytical Reporting, una parte de la aplicaci... • https://launchpad.support.sap.com/#/notes/3044751 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-21444
https://notcve.org/view.php?id=CVE-2021-21444
09 Feb 2021 — SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. This could, as a result, nullify the added X-Frame-Options header leading to Clickjacking attack. SAP Business Objects BI Platform, versiones - 410, 420, 430, permite múltiples entradas de encabezados X-Frame-Options en los encabezados de respuesta, que pueden no ser tratados de manera predecible por todos los agentes de... • https://launchpad.support.sap.com/#/notes/2935791 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •