PT-2019-4587 · Sap · Sap Businessobjects Business Intelligence Platform

Published

2019-07-09

Updated

2019-07-17

CVE-2019-0326

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise) versions 4.1, 4.2, 4.3

Description The issue exists due to insufficient encoding of user-controlled inputs, resulting in a Cross-Site Scripting (XSS) issue. This could allow a remote attacker to perform cross-site scripting attacks.

Recommendations For versions 4.1, 4.2, 4.3, update the software to a version that sufficiently encodes user-controlled inputs to prevent Cross-Site Scripting (XSS) attacks.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2020-00647

CVE-2019-0326

Affected Products

Sap Businessobjects Business Intelligence Platform

PT-2019-4587 · Sap · Sap Businessobjects Business Intelligence Platform

CVE-2019-0326

Weakness Enumeration

Related Identifiers

Affected Products

References · 6