CVE-2019-0396

Published: Nov 13, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly filtered by Web Intelligence HTML interface in some specific workflows.

Vendor	Product	Versions
SAP SE	SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)	affected `< 4.1` affected `< 4.2`

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2814007

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-0396

Description

Affected Products

References