Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Webfocus Business Intelligence Security Vulnerabilities

cve
cve

CVE-2020-14204

In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibi_apps/WFServlet.cfg because XML external entity injection is possible. This is related to making changes....

8.2CVSS

8AI Score

0.005EPSS

2020-06-22 01:15 PM
20
cve
cve

CVE-2020-14203

WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request Forgery (CSRF) attack against administrative users within the /ibi_apps/WFServlet(.ibfs) endpoint. The impact may be creation of an administrative user. It can also be exploited in conjunction with...

8.8CVSS

8.8AI Score

0.001EPSS

2020-06-22 01:15 PM
20
cve
cve

CVE-2020-14202

WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrary URL...

6.1CVSS

6AI Score

0.001EPSS

2020-06-22 01:15 PM
22
cve
cve

CVE-2016-9044

An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1 . A specially crafted web parameter can cause a command injection. An authenticated attacker can send a crafted web request to trigger this...

8.8CVSS

8.6AI Score

0.001EPSS

2018-09-07 05:29 PM
54