CVE-2019-0375
https://notcve.org/view.php?id=CVE-2019-0375
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name, resulting in reflected Cross-Site Scripting.
• https://launchpad.support.sap.com/#/notes/2817945
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-0374
https://notcve.org/view.php?id=CVE-2019-0374
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title, resulting in reflected Cross-Site Scripting.
• https://launchpad.support.sap.com/#/notes/2817945
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-0348
https://notcve.org/view.php?id=CVE-2019-0348
SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.1, 4.2, can access the database over an unencrypted connection, even if the quality of protection should be encrypted.
• https://launchpad.support.sap.com/#/notes/2751470
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017
• CWE-319: Cleartext Transmission of Sensitive Information
CVE-2019-0346
https://notcve.org/view.php?id=CVE-2019-0346
Unencrypted communication error in SAP Business Objects Business Intelligence Platform (Central Management Console), version 4.2, leads to disclosure of the list of user names and roles imported from SAP NetWeaver BI systems, resulting in Information Disclosure.
• https://launchpad.support.sap.com/#/notes/2764513
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017
• CWE-319: Cleartext Transmission of Sensitive Information
CVE-2019-0334
https://notcve.org/view.php?id=CVE-2019-0334
When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which, when executed later, could potentially allow a user to escalate privileges via session hijacking. The attacker could also access other sensitive information, leading to Stored Cross Site Scripting.
• https://launchpad.support.sap.com/#/notes/2771221
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')