Vulnerabilities > SAP > Businessobjects BI Platform > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-11-13 CVE-2018-2479 Cross-site Scripting vulnerability in SAP Businessobjects BI Platform 4.1/4.2
SAP BusinessObjects Business Intelligence Platform (BIWorkspace), versions 4.1 and 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
sap CWE-79
4.3
2018-10-09 CVE-2018-2472 Cross-site Scripting vulnerability in SAP Businessobjects BI Platform 4.1/4.2
SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
sap CWE-79
4.3
2018-10-09 CVE-2018-2467 Unspecified vulnerability in SAP Businessobjects BI Platform 4.1/4.2
In the Software Development Kit in SAP BusinessObjects BI Platform Servers, versions 4.1 and 4.2, using the specially crafted URL in a Web Browser such as Chrome the system returns an error with the path of the used application server.
network
low complexity
sap
5.0