PT-2019-5601 · Sap · Sap Webintelligence Bilaunchpad

Publicado

2019-02-15

Atualizado

2019-02-19

CVE-2019-0262

CVSS v2.0

5.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions SAP WebIntelligence BILaunchPad versions 4.10, 4.20

Description The issue is related to insufficient encoding of user-controlled inputs in generated HTML reports, resulting in a Cross-Site Scripting (XSS) issue. This can be exploited by a remote attacker to perform inter-site scripting attacks.

Recommendations For versions 4.10 and 4.20, consider implementing input validation and encoding for all user-controlled inputs in generated HTML reports to prevent XSS attacks. As a temporary workaround, restrict access to the generated HTML reports until a proper fix is applied.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

BDU:2020-04652

CVE-2019-0262

Produtos afetados

Sap Webintelligence Bilaunchpad

PT-2019-5601 · Sap · Sap Webintelligence Bilaunchpad

CVE-2019-0262

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6