2 matches found
Xxe
In WebFOCUS Business Intelligence 8.0 SP6, the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibiapps/WFServlet.cfg because XML external entity injection is possible. This is related to making changes t...
CVE-2020-14204
In WebFOCUS Business Intelligence 8.0 SP6, the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibiapps/WFServlet.cfg because XML external entity injection is possible. This is related to making changes t...