206 matches found
Information disclosure
Certain settings pages in SAP Business Objects Business Intelligence Platform CMC, version 4.2, generates error messages that can give enterprise private-network related information which would otherwise be restricted leading to Information Disclosure...
Command Execution Vulnerability in CBoard
CBoard is a self-help BI data analysis platform led by Shanghai Chugo Information Technology Co. CBoard has a command execution vulnerability that can be exploited by attackers to execute malicious code...
TheTHE - Simple, Shareable, Team-Focused And Expandable Threat Hunting Experience
TheTHE is an environment intended to help analysts and hunters over the early stages of their work in an easier, unified and quicker way. One of the major drawbacks when dealing with a hunting is the collection of information available on a high number of sources, both public and private. All thi...
SAP Business Objects Business Intelligence Platform Cross-Site Scripting Vulnerability (CNVD-2019-46442)
SAP Business Objects Business Intelligence Platform is a suite of bookstore intelligence software and enterprise performance solutions from Germany's SAP. The product features report generation, analytics and data visualization. A cross-site scripting vulnerability exists in SAP BusinessObjects...
SAP Business Objects Business Intelligence Platform Cross-Site Request Forgery Vulnerability
SAP Business Objects Business Intelligence Platform is a suite of bookstore intelligence software and enterprise performance solutions from Germany's SAP. The product features report generation, analytics and data visualization. A cross-site request forgery vulnerability exists in SAP...
CVE-2019-0374
SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting...
CVE-2019-0352
In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages like jsp are cached, which leads to an attacker can see the sensitive information via cache and can open the dynamic pages even after logout...
CVE-2019-0334
When creating a module in SAP BusinessObjects Business Intelligence Platform BI Workspace, versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via session hijacking. The attacker could also access other...
SAP BusinessObjects Business Intelligence Platform Cross-Site Scripting Vulnerability (CNVD-2019-25982)
SAP BusinessObjects Business Intelligence Platform is a suite of bookstore intelligence software and enterprise performance solutions from Germany's SAP. The product features report generation, analytics and data visualization. A cross-site scripting vulnerability exists in SAP BusinessObjects...
Code injection
SAP BusinessObjects Business Intelligence Platform Administration Console, versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without sanitation. This could be used by an attacker to build a special url that execute custom JavaScript co...
Partner Perspectives: Stay Proactive with Automated Threat Blocking from Carbon Black and IntSights
Alon Yotvat is a Senior Solutions Architect for IntSights. Carbon Black and IntSights have joined forces to combine next-gen endpoint security solutions with powerful external threat intelligence. This potent integration of cybersecurity technologies gives enterprises the protection they need to...
CVE-2019-0268
SAP BusinessObjects Business Intelligence Platform CMC Module, versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source...
CVE-2018-1945
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click...
SAP BusinessObjects Business Intelligence Platform Arbitrary File Upload Vulnerability
SAP BusinessObjects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP. The product has report generation, analysis, data visualization and other functions. An arbitrary file upload vulnerability exists in SAP BusinessObjects...
SAP BusinessObjects Business Intelligence Platform Server Denial of Service Vulnerability
SAP BusinessObjects Business Intelligence Platform Servers is a suite of business intelligence software and enterprise performance solutions. The product features report generation, analytics, data visualization, and more. A denial of service vulnerability exists in SAP BusinessObjects Business...
SAP BusinessObjects Business Intelligence Platform Cross-Site Scripting Vulnerability
SAP BusinessObjects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from Germany's SAP, which features report generation, analytics, data visualization, and more. A cross-site scripting vulnerability in SAP BusinessObjects Business...
CVE-2018-2483
HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console CMC by changing request method...
CVE-2018-2473
SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service...
CVE-2018-2473
CVE-2018-2473 affects SAP BusinessObjects Business Intelligence Platform Server (versions 4.1 and 4.2) when using Web Intelligence Rich Client 3-tier gateway. The vulnerability enables an attacker to prevent legitimate users from accessing a service, either by crashing or flooding it, implying a ...
CVE-2018-2471
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted...