164 matches found
CVE-2019-0396
SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly...
Hardcoded credentials
SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly...
CVE-2019-0396
SAP BusinessObjects BI Platform Web Intelligence HTML interface is affected by CVE-2019-0396 due to insufficient validation of an XML document from untrusted sources. The issue allows an attacker to craft XML with malicious elements that bypass filtering in certain workflows. Affected versions: 4...
CVE-2019-0382
A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform Web Intelligence-Publication related pages; corrected in version 4.2. Privileges are required in order to exploit this vulnerability...
CVE-2019-0382
A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform Web Intelligence-Publication related pages; corrected in version 4.2. Privileges are required in order to exploit this vulnerability...
Cross site scripting
A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform Web Intelligence-Publication related pages; corrected in version 4.2. Privileges are required in order to exploit this vulnerability...
CVE-2019-0382
CVE-2019-0382 affects SAP BusinessObjects Business Intelligence Platform, specifically the Web Intelligence publication-related pages. The vulnerability is a Cross-Site Scripting flaw caused by insufficient input sanitization, allowing an attacker with the required privileges to exploit it. Corre...
CVE-2019-0382
A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform Web Intelligence-Publication related pages; corrected in version 4.2. Privileges are required in order to exploit this vulnerability...
CVE-2019-0378
SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting...
CVE-2019-0377
SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the input controls, resulting in Stored Cross-Site Scripting...
CVE-2019-0376
SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in...
Cross site scripting
SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in...
Cross site scripting
SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting...
CVE-2019-0376
SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in...
CVE-2019-0374
SAP BusinessObjects BI Platform (Web Intelligence HTML interface) is affected by CVE-2019-0374. Versions prior to 4.2 and 4.3 fail to properly encode user-controlled inputs, allowing scripts to be executed in chart titles and resulting in reflected Cross-Site Scripting. Root cause: insufficient e...
CVE-2019-0348
SAP BusinessObjects Business Intelligence Platform Web Intelligence, versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted...
CVE-2019-0348
SAP BusinessObjects Business Intelligence Platform Web Intelligence, versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted...
CVE-2019-0333
In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform Web Intelligence, versions 4.2, 4.3, the attacker can then query and receive the whole data set instead of just what is part of their authorized security profile, resulting in Information...
Code injection
SAP BusinessObjects Business Intelligence Platform Web Intelligence, versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted...
CVE-2019-0348
CVE-2019-0348 affects SAP BusinessObjects Business Intelligence Platform (Web Intelligence) for versions 4.1 and 4.2. The vulnerability involves accessing the database through an unencrypted connection, despite protection expectations that data be encrypted. The connected Red Hat, CNVD, CVE lists...