3 matches found
CVE-2020-14204
CVE-2020-14204 affects WebFOCUS Business Intelligence 8.0 (SP6). The vulnerability is XML External Entity Injection in the WebFOCUS BI XML processing, enabling remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibi_apps/WFServlet.cfg. ...
CVE-2020-14202
WebFOCUS Business Intelligence 8.0 (SP6) is affected by CVE-2020-14202: an XSS vulnerability via arbitrary URL parameters in WebFOCUS BI. The root cause is insufficient input sanitization/cleanup, allowing script execution in the context of the affected site. Impact is cross-site scripting; no ex...
CVE-2020-14203
WebFOCUS Business Intelligence 8.0 (SP6) is affected by CVE-2020-14203, a Cross-Site Request Forgery (CSRF) vulnerability in the /ibi_apps/WFServlet(.ibfs) endpoint. The issue can enable creation of an administrative user and is connected to CVE-2016-9044. Multiple connected sources confirm a CSR...