Lucene search
K

164 matches found

OSV
OSV
added 2019/11/13 11:15 p.m.4 views

CVE-2019-0396

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly...

7.1CVSS5.8AI score0.00897EPSS
Exploits0References2
Prion
Prion
added 2019/11/13 11:15 p.m.23 views

Hardcoded credentials

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly...

5.5CVSS6.8AI score0.00897EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/11/13 10:18 p.m.61 views

CVE-2019-0396

SAP BusinessObjects BI Platform Web Intelligence HTML interface is affected by CVE-2019-0396 due to insufficient validation of an XML document from untrusted sources. The issue allows an attacker to craft XML with malicious elements that bypass filtering in certain workflows. Affected versions: 4...

7.1CVSS6.8AI score0.00897EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2019/11/13 10:15 p.m.20 views

CVE-2019-0382

A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform Web Intelligence-Publication related pages; corrected in version 4.2. Privileges are required in order to exploit this vulnerability...

5.4CVSS5.3AI score0.00526EPSS
Exploits0References2
OSV
OSV
added 2019/11/13 10:15 p.m.7 views

CVE-2019-0382

A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform Web Intelligence-Publication related pages; corrected in version 4.2. Privileges are required in order to exploit this vulnerability...

5.4CVSS6.1AI score0.00526EPSS
Exploits0References2
Prion
Prion
added 2019/11/13 10:15 p.m.24 views

Cross site scripting

A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform Web Intelligence-Publication related pages; corrected in version 4.2. Privileges are required in order to exploit this vulnerability...

3.5CVSS5.2AI score0.00526EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/11/13 9:59 p.m.53 views

CVE-2019-0382

CVE-2019-0382 affects SAP BusinessObjects Business Intelligence Platform, specifically the Web Intelligence publication-related pages. The vulnerability is a Cross-Site Scripting flaw caused by insufficient input sanitization, allowing an attacker with the required privileges to exploit it. Corre...

5.4CVSS5.3AI score0.00526EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/11/13 9:59 p.m.30 views

CVE-2019-0382

A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform Web Intelligence-Publication related pages; corrected in version 4.2. Privileges are required in order to exploit this vulnerability...

5.3AI score0.00526EPSS
Exploits0References2
OSV
OSV
added 2019/10/08 8:15 p.m.4 views

CVE-2019-0378

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting...

5.4CVSS6.1AI score0.00526EPSS
Exploits0References2
OSV
OSV
added 2019/10/08 8:15 p.m.4 views

CVE-2019-0377

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the input controls, resulting in Stored Cross-Site Scripting...

5.4CVSS6.1AI score0.00526EPSS
Exploits0References2
OSV
OSV
added 2019/10/08 8:15 p.m.3 views

CVE-2019-0376

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in...

5.4CVSS6AI score
Exploits0References2
Prion
Prion
added 2019/10/08 8:15 p.m.17 views

Cross site scripting

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in...

3.5CVSS5.3AI score0.00526EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2019/10/08 8:15 p.m.21 views

Cross site scripting

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting...

3.5CVSS5.4AI score0.00733EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/10/08 7:23 p.m.24 views

CVE-2019-0376

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in...

5.4AI score0.00526EPSS
Exploits0References2
CVE
CVE
added 2019/10/08 7:21 p.m.65 views

CVE-2019-0374

SAP BusinessObjects BI Platform (Web Intelligence HTML interface) is affected by CVE-2019-0374. Versions prior to 4.2 and 4.3 fail to properly encode user-controlled inputs, allowing scripts to be executed in chart titles and resulting in reflected Cross-Site Scripting. Root cause: insufficient e...

5.4CVSS5.4AI score0.00733EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2019/08/14 2:15 p.m.17 views

CVE-2019-0348

SAP BusinessObjects Business Intelligence Platform Web Intelligence, versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted...

6.5CVSS6.5AI score0.00688EPSS
Exploits0References2
OSV
OSV
added 2019/08/14 2:15 p.m.4 views

CVE-2019-0348

SAP BusinessObjects Business Intelligence Platform Web Intelligence, versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted...

6.5CVSS6.6AI score0.00688EPSS
Exploits0References2
OSV
OSV
added 2019/08/14 2:15 p.m.5 views

CVE-2019-0333

In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platform Web Intelligence, versions 4.2, 4.3, the attacker can then query and receive the whole data set instead of just what is part of their authorized security profile, resulting in Information...

6.5CVSS6.6AI score0.01135EPSS
Exploits0References2
Prion
Prion
added 2019/08/14 2:15 p.m.24 views

Code injection

SAP BusinessObjects Business Intelligence Platform Web Intelligence, versions 4.1, 4.2, can access database with unencrypted connection, even if the quality of protection should be encrypted...

4CVSS6.5AI score0.00688EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/08/14 1:55 p.m.56 views

CVE-2019-0348

CVE-2019-0348 affects SAP BusinessObjects Business Intelligence Platform (Web Intelligence) for versions 4.1 and 4.2. The vulnerability involves accessing the database through an unencrypted connection, despite protection expectations that data be encrypted. The connected Red Hat, CNVD, CVE lists...

6.5CVSS6.5AI score0.00688EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder