PT-2019-4306 · SAP · SAP BusinessObjects Business Intelligence Platform

Published: 2019-10-08 · Updated: 2019-10-10 · CVE-2019-0376

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

SAP BusinessObjects Business Intelligence Platform versions prior to 4.2 and 4.3

Description

The issue is related to the lack of input sanitization in the Web Intelligence HTML interface of the SAP BusinessObjects Business Intelligence platform. This can be exploited by a remote attacker to perform cross-site scripting attacks. Specifically, it allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in Stored Cross-Site Scripting.

Recommendations

For versions prior to 4.2 and 4.3, update to a version that includes the necessary encoding of user-controlled inputs to prevent the execution of malicious scripts.

Fix

XSS

Weakness Enumeration

Related identifiers

BDU:2020-00021
CVE-2019-0376

Affected products

SAP BusinessObjects Business Intelligence Platform