CVE-2019-0334
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via session hijacking. The attacker could also access other sensitive information, leading to Stored Cross Site Scripting.
Cuando se crea un módulo en SAP BusinessObjects Business Intelligence Platform (BI Workspace), versiones 4.1, 4.2, 4.3, es posible almacenar un script malicioso que cuando es ejecutado más tarde podría permitir a un usuario escalar privilegios por medio de un secuestro de sesión. El atacante también podría acceder a otra información confidencial, conllevando a un ataque de tipo Cross Site Scripting Almacenado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-11-26 CVE Reserved
- 2019-08-14 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 | 2019-08-22 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Sap Search vendor "Sap" | Businessobjects Business Intelligence Search vendor "Sap" for product "Businessobjects Business Intelligence" | 4.1 Search vendor "Sap" for product "Businessobjects Business Intelligence" and version "4.1" | - |
Affected
| ||||||
Sap Search vendor "Sap" | Businessobjects Business Intelligence Search vendor "Sap" for product "Businessobjects Business Intelligence" | 4.2 Search vendor "Sap" for product "Businessobjects Business Intelligence" and version "4.2" | - |
Affected
| ||||||
Sap Search vendor "Sap" | Businessobjects Business Intelligence Search vendor "Sap" for product "Businessobjects Business Intelligence" | 4.3 Search vendor "Sap" for product "Businessobjects Business Intelligence" and version "4.3" | - |
Affected
|