CVE-2019-0375

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in reflected Cross-Site Scripting.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.1:-:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.1:sp11:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.2:sp04:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.2:sp05:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.2:sp06:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.2:sp07:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.1:sp10:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.1:sp12:*:*:*:*:*:*

Information

Published : 2019-10-08 13:15

Updated : 2019-10-10 11:04


NVD link : CVE-2019-0375

Mitre link : CVE-2019-0375


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

sap

  • businessobjects_business_intelligence_platform