CVE-2021-33697
https://notcve.org/view.php?id=CVE-2021-33697
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
• https://launchpad.support.sap.com/#/notes/3063048
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806
• CWE-269: Improper Privilege Management
• CWE-1022: Use of Web Link to Untrusted Target with window.opener Access
CVE-2021-33696
https://notcve.org/view.php?id=CVE-2021-33696
SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions 420, 430, does not sufficiently encode user-controlled inputs, so an authorized attacker can exploit an XSS vulnerability to non-permanently deface or modify content displayed from a web site.
• https://launchpad.support.sap.com/#/notes/3062085
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-21444
https://notcve.org/view.php?id=CVE-2021-21444
SAP Business Objects BI Platform, versions 410, 420, 430, allows multiple X-Frame-Options header entries in the response headers, which may not be treated predictably by all user agents. As a result, this could nullify the added X-Frame-Options header, leading to a Clickjacking attack.
• https://launchpad.support.sap.com/#/notes/2935791
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543
• CWE-1021: Improper Restriction of Rendered UI Layers or Frames