CVE-2019-0376
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in Stored Cross-Site Scripting.
| Software | From | Fixed in |
|---|---|---|
| sap / businessobjects_business_intelligence_platform | 4.2-sp04 | 4.2-sp04.x |
| sap / businessobjects_business_intelligence_platform | 4.2-sp05 | 4.2-sp05.x |
| sap / businessobjects_business_intelligence_platform | 4.2-sp06 | 4.2-sp06.x |
| sap / businessobjects_business_intelligence_platform | 4.2-sp07 | 4.2-sp07.x |
| sap / businessobjects_business_intelligence_platform | 4.0 | 4.0.x |
| sap / businessobjects_business_intelligence_platform | 4.1-sp12 | 4.1-sp12.x |
| sap / businessobjects_business_intelligence_platform | 4.1-sp11 | 4.1-sp11.x |
| sap / businessobjects_business_intelligence_platform | 4.1-sp10 | 4.1-sp10.x |
| sap / businessobjects_business_intelligence_platform | 4.1 | 4.1.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime