Lucene search
K

164 matches found

CVE
CVE
added 2019/08/14 1:47 p.m.54 views

CVE-2019-0333

CVE-2019-0333 affects SAP BusinessObjects BI Platform (Web Intelligence) in versions 4.2 and 4.3. The root issue is triggered when a client cancels a query, allowing an attacker to query and retrieve the entire data set beyond their authorized security profile, causing information disclosure. The...

6.5CVSS6.4AI score0.01135EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/08/14 1:47 p.m.25 views

CVE-2019-0333

In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform Web Intelligence, versions 4.2, 4.3, the attacker can then query and receive the whole data set instead of just what is part of their authorized security profile, resulting in Information...

6.5AI score0.01135EPSS
Exploits0References2
CNVD
CNVD
added 2019/02/15 12:0 a.m.6 views

SAP Web Intelligence BI LaunchPad Cross-Site Scripting Vulnerability

SAP Web Intelligence BI LaunchPad is a Java- or HTML-based user interface for use in BusinessObjects tools from SAP, Germany. The product is mainly used to perform analytical reporting and data analysis. A cross-site scripting vulnerability in SAP Web Intelligence BI LaunchPad versions 4.10 and...

5.4CVSS6.8AI score0.00886EPSS
Exploits0References1
OSV
OSV
added 2018/11/13 8:29 p.m.4 views

CVE-2018-2473

SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service...

6.5CVSS5.8AI score0.01533EPSS
Exploits0References3
NVD
NVD
added 2018/11/13 8:29 p.m.18 views

CVE-2018-2473

SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service...

6.5CVSS6.5AI score0.01533EPSS
Exploits0References3
Prion
Prion
added 2018/11/13 8:29 p.m.15 views

Design/Logic Flaw

SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service...

4CVSS6.5AI score0.01533EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2018/11/13 8:0 p.m.51 views

CVE-2018-2473

CVE-2018-2473 affects SAP BusinessObjects Business Intelligence Platform Server (versions 4.1 and 4.2) when using Web Intelligence Rich Client 3-tier gateway. The vulnerability enables an attacker to prevent legitimate users from accessing a service, either by crashing or flooding it, implying a ...

6.5CVSS6.4AI score0.01533EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/11/13 8:0 p.m.26 views

CVE-2018-2473

SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service...

6.5AI score0.01533EPSS
Exploits0References3
CNVD
CNVD
added 2018/10/10 12:0 a.m.5 views

SAP BusinessObjects Web Intelligence Cross-Site Scripting Vulnerability (CNVD-2019-08548)

SAP BusinessObjects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP. The product has report generation, analysis, data visualization and other functions. A cross-site scripting vulnerability exists in SAP BusinessObjects...

6.1CVSS6.2AI score0.01016EPSS
Exploits0References1
OSV
OSV
added 2018/10/09 1:29 p.m.6 views

CVE-2018-2472

SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 Web Intelligence DHTML client does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

6.1CVSS5.8AI score0.01016EPSS
Exploits0References3
Prion
Prion
added 2018/10/09 1:29 p.m.22 views

Cross site scripting

SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 Web Intelligence DHTML client does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

4.3CVSS6AI score0.01016EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/10/09 1:0 p.m.18 views

CVE-2018-2472

SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 Web Intelligence DHTML client does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

6AI score0.01016EPSS
Exploits0References3
CNVD
CNVD
added 2018/08/28 12:0 a.m.4 views

SAP BusinessObjects Business Intelligence Cross-Site Request Forgery Vulnerability

SAP BusinessObjects Business Intelligence is a suite of business intelligence software and enterprise performance solutions from SAP. The product has report generation, analysis, data visualization and other functions. A cross-site request forgery vulnerability exists in SAP BusinessObjects...

8.8CVSS8.7AI score0.00705EPSS
Exploits0References1
NVD
NVD
added 2018/08/14 4:29 p.m.20 views

CVE-2018-2442

In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid...

8.8CVSS8.6AI score0.00705EPSS
Exploits0References3
OSV
OSV
added 2018/08/14 4:29 p.m.5 views

CVE-2018-2442

In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid...

8.8CVSS5.8AI score0.00705EPSS
Exploits0References3
CVE
CVE
added 2018/08/14 4:0 p.m.52 views

CVE-2018-2447

SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence) 4.2 is affected by CVE-2018-2447. The vulnerability allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database. Root cause is not fully detailed in the provided sources, but the impact is d...

6.5CVSS6.5AI score0.01249EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2018/05/11 12:0 a.m.3 views

SAP Web Intelligence BI Launchpad SSRF Security Bypass Vulnerability

SAP BusinessObjects BI Platform is the German SAP SAP company's set of business intelligence BI solution platform. An SSRF security bypass vulnerability exists in SAP Web Intelligence BI Launchpad. An attacker can exploit the vulnerability to perform unauthorized actions, leading to further attac...

6.8AI score
Exploits0References1
CNVD
CNVD
added 2018/02/26 12:0 a.m.1 views

SAP BusinessObjects Web Intelligence Cross-Site Scripting Vulnerability

SAP BusinessObjects Germany SAP SAP a company provides a variety of business intelligence software, information management software, enterprise performance management solutions, regulatory, risk and compliance solutions. A cross-site scripting vulnerability exists in SAP BusinessObjects Web...

6.7AI score
Exploits0References1
CNVD
CNVD
added 2017/03/27 12:0 a.m.2 views

Unspecified Cross-Site Scripting Vulnerability in SAP BusinessObjects Web Intelligence

SAP BusinessObjects Germany SAP SAP company developed a provide a variety of business intelligence software, information management software, enterprise performance management solutions, regulatory, risk and compliance solutions. An unspecified cross-site scripting vulnerability exists in SAP...

6.2AI score
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2008/05/25 12:0 a.m.2 views

Security Best Practice: Get Yourself Familiar with the Header Rejection Tool

Web servers and applications parse not only the URL, but also the rest of the HTTP header data. Wrong parsing can lead to buffer overrun attacks and other vulnerabilities. Some exploits use the HTTP headers to cause damage. The exploit can be carried in standard headers the Host header for exampl...

7.2AI score
Exploits0
Rows per page
Query Builder