CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28764 – Information Disclosure vulnerability in SAP BusinessObjects Platform
https://notcve.org/view.php?id=CVE-2023-28764
SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system. • https://i7p.wdf.sap.corp/sap/support/notes/3302595 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-40500
https://notcve.org/view.php?id=CVE-2021-40500
SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can enable the attacker to retrieve arbitrary files from the server. SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versiones 420, 430, permite a un atacante no autenticado explotar las comprobaciones XML faltantes en los endpoints para leer datos confidenciales. Estos endpoints están normalmente expuestos a través de la red y una explotación con éxito puede permitir al atacante recuperar archivos arbitrarios del servidor • https://launchpad.support.sap.com/#/notes/3074693 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-0352
https://notcve.org/view.php?id=CVE-2019-0352
In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via cache and can open the dynamic pages even after logout. En SAP Business Objects Business Intelligence Platform, versiones anteriores a 4.1, 4.2 y 4.3, algunas páginas dinámicas (como jsp) son almacenadas en caché, lo que conlleva a que un atacante pueda visualizar la información confidencial por medio de la caché y puede abrir las páginas dinámicas incluso luego de cerrar sesión. • https://launchpad.support.sap.com/#/notes/2735924 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-0269
https://notcve.org/view.php?id=CVE-2019-0269
SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.10 and 4.20, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP BusinessObjects Business Intelligence Platform (BI Workspace), en versiones 4.10 y 4.20, no cifra de manera suficiente las entradas controladas por el usuario, conduciendo a una vulnerabilidad de Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/107359 https://launchpad.support.sap.com/#/notes/2693962 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-0262
https://notcve.org/view.php?id=CVE-2019-0262
SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in Cross-Site Scripting (XSS) vulnerability. SAP WebIntelligence BILaunchPad, en versiones 4.10 y 4,20, no cifra lo suficiente las entradas controladas por el usuario en los informes HTML generados, lo que resulta en una vulnerabilidad Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/106998 https://launchpad.support.sap.com/#/notes/2696714 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •