PT-2019-4587 · Sap · Sap Businessobjects Business Intelligence Platform

Publicado

2019-07-09

·

Atualizado

2019-07-17

·

CVE-2019-0326

CVSS v2.0

6.4

Média

VetorAV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise) versions 4.1, 4.2, 4.3
Description The issue exists due to insufficient encoding of user-controlled inputs, resulting in a Cross-Site Scripting (XSS) issue. This could allow a remote attacker to perform cross-site scripting attacks.
Recommendations For versions 4.1, 4.2, 4.3, update the software to a version that sufficiently encodes user-controlled inputs to prevent Cross-Site Scripting (XSS) attacks.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

BDU:2020-00647
CVE-2019-0326

Produtos afetados

Sap Businessobjects Business Intelligence Platform