CVE-2019-0333
https://notcve.org/view.php?id=CVE-2019-0333
In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.2, 4.3, the attacker can then query and receive the whole data set instead of just what is part of their authorized security profile, resulting in Information Disclosure. En algunas situaciones, cuando un cliente cancela una consulta en SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versiones 4.2, 4.3, el atacante puede entonces consultar y recibir todo el conjunto de datos en lugar de solo lo que forma parte de su perfil de seguridad, lo que resulta en una Divulgación de Información. • https://launchpad.support.sap.com/#/notes/2764513 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 •
CVE-2019-0335
https://notcve.org/view.php?id=CVE-2019-0335
Under certain conditions SAP BusinessObjects Business Intelligence Platform (Central Management Console), versions 4.1, 4.2, 4.3, allows an attacker to store a malicious payload within the description field of a user account. The payload is triggered when the mouse cursor is moved over the description field in the list, when generating the little yellow informational pop up box, resulting in Stored Cross Site Scripting Attack. Bajo determinadas condiciones SAP BusinessObjects Business Intelligence Platform (Central Management Console), versiones 4.1, 4.2, 4.3, permite a un atacante almacenar una carga maliciosa dentro del campo de descripción de una cuenta de usuario. La carga es activada cuando el cursor del mouse se mueve sobre el campo de descripción de la lista, al generar el pequeño cuadro emergente informativo amarillo, resultando en un ataque de tipo Cross Site Scripting Almacenado. • https://launchpad.support.sap.com/#/notes/2742468 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-0332
https://notcve.org/view.php?id=CVE-2019-0332
SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an attacker to give some payload for keyword in the search and it will be executed while search performs its action, resulting in Cross-Site Scripting (XSS) vulnerability. SAP BusinessObjects Business Intelligence Platform (Info View), versiones 4.1, 4.2, 4.3, permite a un atacante entregar alguna carga útil para la palabra clave en la búsqueda y será ejecutada mientras la búsqueda realiza su acción, lo que resulta en una vulnerabilidad de tipo cross-site scripting (XSS). • https://launchpad.support.sap.com/#/notes/2742468 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-0331
https://notcve.org/view.php?id=CVE-2019-0331
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, allows an attacker to access sensitive data such as directory structure, leading to Information Disclosure. Bajo determinadas condiciones, SAP BusinessObjects Business Intelligence Platform (BI Workspace), versiones 4.1, 4.2, 4.3, permite a un atacante acceder a datos confidenciales tal y como la estructura de directorios, conllevando a la Divulgación de Información. • https://launchpad.support.sap.com/#/notes/2742468 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 •
CVE-2019-0326
https://notcve.org/view.php?id=CVE-2019-0326
SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise), versions 4.1, 4.2, 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise), versiones 4.1, 4.2, 4.3, no codifica de manera suficiente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo cross-site scripting (XSS). • http://www.securityfocus.com/bid/109072 https://launchpad.support.sap.com/#/notes/2764733 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •