CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-40500
https://notcve.org/view.php?id=CVE-2021-40500
12 Oct 2021 — SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can enable the attacker to retrieve arbitrary files from the server. SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versiones 420, 430, permite a un atacante no autenticado explotar las comprobaciones XML falt... • https://launchpad.support.sap.com/#/notes/3074693 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-0352
https://notcve.org/view.php?id=CVE-2019-0352
10 Sep 2019 — In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via cache and can open the dynamic pages even after logout. En SAP Business Objects Business Intelligence Platform, versiones anteriores a 4.1, 4.2 y 4.3, algunas páginas dinámicas (como jsp) son almacenadas en caché, lo que conlleva a que un atacante pueda visualizar la información confidencial por medio de la caché ... • https://launchpad.support.sap.com/#/notes/2735924 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2471
https://notcve.org/view.php?id=CVE-2018-2471
09 Oct 2018 — Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted. En ciertas condiciones, SAP BusinessObjects Business Intelligence Platform, en versiones 4.10 y 4.20, permite que un atacante acceda a información que normalmente estaría restringida. • http://www.securityfocus.com/bid/105530 •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2018-2397
https://notcve.org/view.php?id=CVE-2018-2397
14 Mar 2018 — In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting. En SAP Business Objects Business Intelligence Platform, en versiones 4.00, 4.10, 4.20 y 4.30, el CMC (Central Management Console) no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/103373 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •