4 matches found
CVE-2018-2467
SAP BusinessObjects BI Platform Servers SDK (versions 4.1 and 4.2) is affected by an information-disclosure vulnerability where a specially crafted URL in a web browser can cause the server to return the path to the application server. The issue appears tied to the Software Development Kit compon...
CVE-2019-0262
CVE-2019-0262 affects SAP WebIntelligence BILaunchPad (versions 4.10 and 4.20). The vulnerability is a Cross-Site Scripting (XSS) flaw caused by insufficient encoding of user-controlled inputs in generated HTML reports, enabling script execution in a victim’s browser. The available connected docu...
CVE-2018-2472
CVE-2018-2472 affects SAP BusinessObjects BI Platform (4.10 and 4.20) via the Web Intelligence DHTML client. The underlying issue is improper encoding of user-controlled inputs, leading to a Cross-Site Scripting (XSS) vulnerability. Communicating documents confirm the affected product and the roo...
CVE-2018-2479
SAP BusinessObjects BI Platform (BIWorkspace) versions 4.1 and 4.2 have a Cross-Site Scripting (XSS) vulnerability caused by insufficient encoding of user-controlled inputs in the web UI. Root cause: inadequate encoding/escaping before rendering user input. Impact: XSS is possible when interactin...