CVE-2022-28213 – SAP BusinessObjects Intelligence 4.3 - XML External Entity (XXE)
https://notcve.org/view.php?id=CVE-2022-28213
When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS. Cuando un usuario accede a servicios web SOAP en SAP BusinessObjects Business Intelligence Platform - versión 420, 430, no se comprueba suficientemente el documento XML aceptado desde una fuente no confiable, lo que podría resultar en una recuperación de archivos arbitrarios desde el servidor y a explotaciones con éxito de DoS SAP BusinessObjects Intelligence version 4.3 suffers from an XML external entity injection vulnerability. • https://www.exploit-db.com/exploits/50900 http://packetstormsecurity.com/files/167046/SAP-BusinessObjects-Intelligence-4.3-XML-Injection.html https://launchpad.support.sap.com/#/notes/3055044 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-112: Missing XML Validation •
CVE-2022-22541
https://notcve.org/view.php?id=CVE-2022-22541
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. The main impact is the disclosure of company data to people that shouldn't or don't need to have access. SAP BusinessObjects Business Intelligence Platform - versiones 420, 430, puede permitir a usuarios legítimos acceder a información que no deberían ver mediante conexiones relacionales u OLAP. El principal impacto es la divulgación de datos de la empresa a personas que no deberían o no necesitan tener acceso • https://launchpad.support.sap.com/#/notes/3137191 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-213: Exposure of Sensitive Information Due to Incompatible Policies •
CVE-2022-27667
https://notcve.org/view.php?id=CVE-2022-27667
Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. Bajo determinadas condiciones, la plataforma SAP BusinessObjects Business Intelligence, Client Management Console (CMC) - versión 430, permite a un atacante acceder a información que de otra manera estaría restringida, conllevando a una Divulgación de Información • https://launchpad.support.sap.com/#/notes/3145769 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-40497
https://notcve.org/view.php?id=CVE-2021-40497
SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, allows an attacker to exploit certain application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation could lead to exposure of some system specific data like its version. SAP BusinessObjects Analysis (edición para OLAP) - versiones 420, 430, permite a un atacante explotar determinados endpoints de la aplicación para leer datos confidenciales. Estos endpoints están normalmente expuestos a través de la red y una explotación exitosa podría conllevar a una exposición de algunos datos específicos del sistema como su versión • https://launchpad.support.sap.com/#/notes/3098917 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983 • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2021-33697
https://notcve.org/view.php?id=CVE-2021-33697
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. Bajo determinadas condiciones, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versiones - 420, 430, puede permitir que un atacante no autenticado redirija a usuarios a un sitio malicioso debido a las vulnerabilidades de tipo Reverse Tabnabbing • https://launchpad.support.sap.com/#/notes/3063048 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806 • CWE-269: Improper Privilege Management CWE-1022: Use of Web Link to Untrusted Target with window.opener Access •