CVE-2019-0376
https://notcve.org/view.php?id=CVE-2019-0376
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in Stored Cross-Site Scripting. SAP BusinessObjects Business Intelligence Platform (interfaz Web Intelligence HTML), versiones anteriores a 4.2 y 4.3, no codifica suficientemente las entradas controladas por el usuario y permite a un atacante almacenar scripts maliciosos en el nombre de la publicación, que pueden ser ejecutados por la víctima más tarde, resultando en una vulnerabilidad de tipo Cross-Site Scripting Almacenado. • https://launchpad.support.sap.com/#/notes/2817945 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-0375
https://notcve.org/view.php?id=CVE-2019-0375
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in reflected Cross-Site Scripting. SAP BusinessObjects Business Intelligence Platform (interfaz Web Intelligence HTML), versiones anteriores a 4.2 y 4.3, no codifica suficientemente las entradas controladas por el usuario y permite la ejecución de scripts en el cuadro de diálogo de exportación del nombre del reporte, resultando en una vulnerabilidad de tipo Cross-Site Scripting reflejado. • https://launchpad.support.sap.com/#/notes/2817945 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-0374
https://notcve.org/view.php?id=CVE-2019-0374
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting SAP BusinessObjects Business Intelligence Platform (interfaz Web Intelligence HTML), versiones anteriores a 4.2 y 4.3, no codifica suficientemente las entradas controladas por el usuario y permite la ejecución de scripts en el título del gráfico, resultando en una vulnerabilidad de tipo Cross-Site Scripting reflejado. • https://launchpad.support.sap.com/#/notes/2817945 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-0348
https://notcve.org/view.php?id=CVE-2019-0348
SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted. SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versiones 4.1, 4.2, puede acceder a la base de datos con conexión sin cifrar, incluso si la calidad de la protección debe ser cifrada. • https://launchpad.support.sap.com/#/notes/2751470 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2019-0346
https://notcve.org/view.php?id=CVE-2019-0346
Unencrypted communication error in SAP Business Objects Business Intelligence Platform (Central Management Console), version 4.2, leads to disclosure of list of user names and roles imported from SAP NetWeaver BI systems, resulting in Information Disclosure. Error de comunicación no cifrada en SAP Business Objects Business Intelligence Platform (Central Management Console), versión 4.2, conlleva a la divulgación de la lista de nombres de usuario y roles importados desde los sistemas SAP NetWeaver BI, resultando en una Divulgación de Información. • https://launchpad.support.sap.com/#/notes/2764513 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 • CWE-319: Cleartext Transmission of Sensitive Information •