SAP BusinessObjects Business Intelligence Platform 4.2 Service Pack 05

CPE Details

SAP BusinessObjects Business Intelligence Platform 4.2 Service Pack 05
sap
businessobjects_business_intelligence_platform
4.2
2020-01-16
12h40 +00:00
2020-01-16
12h40 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.2:sp05:*:*:*:*:*:*

Informations

Vendor

sap

Product

businessobjects_business_intelligence_platform

Version

4.2

Update

sp05

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2020-6257 2020-05-12 15h53 +00:00 SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability.
5.4
Moyen
CVE-2020-6251 2020-05-12 15h50 +00:00 Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted.
6.5
Moyen
CVE-2020-6247 2020-05-12 15h49 +00:00 SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attacker can crash or flood the Central Management Server, thereby impacting system availability.
7.5
Haute
CVE-2020-6245 2020-05-12 15h49 +00:00 SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Control of Resource Identifiers.
6.7
Moyen
CVE-2020-6189 2020-02-12 18h45 +00:00 Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that can give enterprise private-network related information which would otherwise be restricted leading to Information Disclosure.
5.3
Moyen
CVE-2019-0398 2019-12-11 20h35 +00:00 Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery.
8.8
Haute
CVE-2019-0376 2019-10-08 17h23 +00:00 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in Stored Cross-Site Scripting.
5.4
Moyen
CVE-2019-0375 2019-10-08 17h22 +00:00 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in reflected Cross-Site Scripting.
5.4
Moyen
CVE-2019-0374 2019-10-08 17h21 +00:00 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting
5.4
Moyen