CVE-2019-0396

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly filtered by Web Intelligence HTML interface in some specific workflows.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.1:sp10:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.1:sp11:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.1:sp12:*:*:*:*:*:*

History

No history.

Information

Published : 2019-11-13 23:15

Updated : 2024-02-04 20:39


NVD link : CVE-2019-0396

Mitre link : CVE-2019-0396

CVE.ORG link : CVE-2019-0396


JSON object : View

Products Affected

sap

  • businessobjects_business_intelligence_platform
CWE
CWE-20

Improper Input Validation