Vulnerabilities > SAP > Businessobjects BI Platform > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-02-15 CVE-2019-0262 Cross-site Scripting vulnerability in SAP Businessobjects BI Platform 4.10/4.20
SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
2018-11-13 CVE-2018-2479 Cross-site Scripting vulnerability in SAP Businessobjects BI Platform 4.1/4.2
SAP BusinessObjects Business Intelligence Platform (BIWorkspace), versions 4.1 and 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2018-10-09 CVE-2018-2472 Cross-site Scripting vulnerability in SAP Businessobjects BI Platform 4.1/4.2
SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2018-10-09 CVE-2018-2467 Unspecified vulnerability in SAP Businessobjects BI Platform 4.1/4.2
In the Software Development Kit in SAP BusinessObjects BI Platform Servers, versions 4.1 and 4.2, using the specially crafted URL in a Web Browser such as Chrome the system returns an error with the path of the used application server.
network
low complexity
sap
5.3