CVE-2019-0335
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Under certain conditions SAP BusinessObjects Business Intelligence Platform (Central Management Console), versions 4.1, 4.2, 4.3, allows an attacker to store a malicious payload within the description field of a user account. The payload is triggered when the mouse cursor is moved over the description field in the list, when generating the little yellow informational pop up box, resulting in Stored Cross Site Scripting Attack.
Bajo determinadas condiciones SAP BusinessObjects Business Intelligence Platform (Central Management Console), versiones 4.1, 4.2, 4.3, permite a un atacante almacenar una carga maliciosa dentro del campo de descripción de una cuenta de usuario. La carga es activada cuando el cursor del mouse se mueve sobre el campo de descripción de la lista, al generar el pequeño cuadro emergente informativo amarillo, resultando en un ataque de tipo Cross Site Scripting Almacenado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-11-26 CVE Reserved
- 2019-08-14 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 | 2019-08-26 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Sap Search vendor "Sap" | Businessobjects Business Intelligence Search vendor "Sap" for product "Businessobjects Business Intelligence" | 4.1 Search vendor "Sap" for product "Businessobjects Business Intelligence" and version "4.1" | - |
Affected
| ||||||
Sap Search vendor "Sap" | Businessobjects Business Intelligence Search vendor "Sap" for product "Businessobjects Business Intelligence" | 4.2 Search vendor "Sap" for product "Businessobjects Business Intelligence" and version "4.2" | - |
Affected
| ||||||
Sap Search vendor "Sap" | Businessobjects Business Intelligence Search vendor "Sap" for product "Businessobjects Business Intelligence" | 4.3 Search vendor "Sap" for product "Businessobjects Business Intelligence" and version "4.3" | - |
Affected
|