PT-2019-4460 · SAP · SAP BusinessObjects Business Intelligence Platform

Published 2019-11-12 · Updated 2019-11-15 · CVE-2019-0396

CVSS v2.0: 7.5 High

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:C

Name of the Vulnerable Software and Affected Versions

SAP BusinessObjects Business Intelligence Platform versions prior to 4.1

SAP BusinessObjects Business Intelligence Platform version 4.2 is not affected by this issue: the issue is stated to be corrected in versions 4.1 and 4.2, which implies that version 4.2 is a fixed version.

Description

The issue arises from insufficient validation of an XML document accepted from an untrusted source by the Web Intelligence HTML interface in the SAP BusinessObjects Business Intelligence Platform. An attacker can exploit this by crafting a message with malicious elements that are not correctly filtered in specific workflows, potentially impacting the confidentiality and availability of protected information.

Recommendations

For versions prior to 4.1, update to version 4.1 or later to resolve the issue. As a temporary workaround, consider restricting the acceptance of XML documents from untrusted sources until a patch is applied.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2020-00247
CVE-2019-0396

Affected Products

SAP BusinessObjects Business Intelligence Platform