164 matches found
CVE-2019-0333
CVE-2019-0333 affects SAP BusinessObjects BI Platform (Web Intelligence) in versions 4.2 and 4.3. The root issue is triggered when a client cancels a query, allowing an attacker to query and retrieve the entire data set beyond their authorized security profile, causing information disclosure. The...
CVE-2019-0333
In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform Web Intelligence, versions 4.2, 4.3, the attacker can then query and receive the whole data set instead of just what is part of their authorized security profile, resulting in Information...
SAP Web Intelligence BI LaunchPad Cross-Site Scripting Vulnerability
SAP Web Intelligence BI LaunchPad is a Java- or HTML-based user interface for use in BusinessObjects tools from SAP, Germany. The product is mainly used to perform analytical reporting and data analysis. A cross-site scripting vulnerability in SAP Web Intelligence BI LaunchPad versions 4.10 and...
CVE-2018-2473
SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service...
CVE-2018-2473
SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service...
Design/Logic Flaw
SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service...
CVE-2018-2473
CVE-2018-2473 affects SAP BusinessObjects Business Intelligence Platform Server (versions 4.1 and 4.2) when using Web Intelligence Rich Client 3-tier gateway. The vulnerability enables an attacker to prevent legitimate users from accessing a service, either by crashing or flooding it, implying a ...
CVE-2018-2473
SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service...
SAP BusinessObjects Web Intelligence Cross-Site Scripting Vulnerability (CNVD-2019-08548)
SAP BusinessObjects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP. The product has report generation, analysis, data visualization and other functions. A cross-site scripting vulnerability exists in SAP BusinessObjects...
CVE-2018-2472
SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 Web Intelligence DHTML client does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
Cross site scripting
SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 Web Intelligence DHTML client does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2018-2472
SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 Web Intelligence DHTML client does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
SAP BusinessObjects Business Intelligence Cross-Site Request Forgery Vulnerability
SAP BusinessObjects Business Intelligence is a suite of business intelligence software and enterprise performance solutions from SAP. The product has report generation, analysis, data visualization and other functions. A cross-site request forgery vulnerability exists in SAP BusinessObjects...
CVE-2018-2442
In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid...
CVE-2018-2442
In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid...
CVE-2018-2447
SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence) 4.2 is affected by CVE-2018-2447. The vulnerability allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database. Root cause is not fully detailed in the provided sources, but the impact is d...
SAP Web Intelligence BI Launchpad SSRF Security Bypass Vulnerability
SAP BusinessObjects BI Platform is the German SAP SAP company's set of business intelligence BI solution platform. An SSRF security bypass vulnerability exists in SAP Web Intelligence BI Launchpad. An attacker can exploit the vulnerability to perform unauthorized actions, leading to further attac...
SAP BusinessObjects Web Intelligence Cross-Site Scripting Vulnerability
SAP BusinessObjects Germany SAP SAP a company provides a variety of business intelligence software, information management software, enterprise performance management solutions, regulatory, risk and compliance solutions. A cross-site scripting vulnerability exists in SAP BusinessObjects Web...
Unspecified Cross-Site Scripting Vulnerability in SAP BusinessObjects Web Intelligence
SAP BusinessObjects Germany SAP SAP company developed a provide a variety of business intelligence software, information management software, enterprise performance management solutions, regulatory, risk and compliance solutions. An unspecified cross-site scripting vulnerability exists in SAP...
Security Best Practice: Get Yourself Familiar with the Header Rejection Tool
Web servers and applications parse not only the URL, but also the rest of the HTTP header data. Wrong parsing can lead to buffer overrun attacks and other vulnerabilities. Some exploits use the HTTP headers to cause damage. The exploit can be carried in standard headers the Host header for exampl...