Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for SAP BusinessObjects Business Intelligence Suite by SAP

    CVE-2018-2431 (GCVE-0-2018-2431)

    Vulnerability from nvd – Published: 2018-07-10 18:00 – Updated: 2024-08-05 04:21
    VLAI
    Summary
    SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    sap
    References
    Impacted products
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:21:34.117Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104695",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104695"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2624762"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP BusinessObjects Business Intelligence Suite",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "= 4.10"
                },
                {
                  "status": "affected",
                  "version": "= 4.20"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-11T09:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "name": "104695",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104695"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2624762"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2018-2431",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP BusinessObjects Business Intelligence Suite",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "=",
                                "version_value": "4.10"
                              },
                              {
                                "version_name": "=",
                                "version_value": "4.20"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104695",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104695"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2624762",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2624762"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2018-2431",
        "datePublished": "2018-07-10T18:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T04:21:34.117Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-2427 (GCVE-0-2018-2427)

    Vulnerability from nvd – Published: 2018-07-10 18:00 – Updated: 2024-08-05 04:21
    VLAI
    Summary
    SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application.
    Severity
    No CVSS data available.
    CWE
    • Code Injection
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SAP BusinessObjects Business Intelligence Suite Affected: = 4.10
    Affected: = 4.20
    Create a notification for this product.
    SAP SAP Crystal Reports Affected: = version for Visual Studio .NET, Version 2010
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:21:33.218Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2620738"
              },
              {
                "name": "104715",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104715"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP BusinessObjects Business Intelligence Suite",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "= 4.10"
                },
                {
                  "status": "affected",
                  "version": "= 4.20"
                }
              ]
            },
            {
              "product": "SAP Crystal Reports",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "= version for Visual Studio .NET, Version 2010"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-12T09:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2620738"
            },
            {
              "name": "104715",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104715"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2018-2427",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP BusinessObjects Business Intelligence Suite",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "=",
                                "version_value": "4.10"
                              },
                              {
                                "version_name": "=",
                                "version_value": "4.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Crystal Reports",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "=",
                                "version_value": "version for Visual Studio .NET, Version 2010"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Code Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2620738",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2620738"
                },
                {
                  "name": "104715",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104715"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2018-2427",
        "datePublished": "2018-07-10T18:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T04:21:33.218Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-2431 (GCVE-0-2018-2431)

    Vulnerability from cvelistv5 – Published: 2018-07-10 18:00 – Updated: 2024-08-05 04:21
    VLAI
    Summary
    SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    sap
    References
    Impacted products
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:21:34.117Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104695",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104695"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2624762"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP BusinessObjects Business Intelligence Suite",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "= 4.10"
                },
                {
                  "status": "affected",
                  "version": "= 4.20"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-11T09:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "name": "104695",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104695"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2624762"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2018-2431",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP BusinessObjects Business Intelligence Suite",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "=",
                                "version_value": "4.10"
                              },
                              {
                                "version_name": "=",
                                "version_value": "4.20"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104695",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104695"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2624762",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2624762"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2018-2431",
        "datePublished": "2018-07-10T18:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T04:21:34.117Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-2427 (GCVE-0-2018-2427)

    Vulnerability from cvelistv5 – Published: 2018-07-10 18:00 – Updated: 2024-08-05 04:21
    VLAI
    Summary
    SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application.
    Severity
    No CVSS data available.
    CWE
    • Code Injection
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SAP BusinessObjects Business Intelligence Suite Affected: = 4.10
    Affected: = 4.20
    Create a notification for this product.
    SAP SAP Crystal Reports Affected: = version for Visual Studio .NET, Version 2010
    Create a notification for this product.
    Date Public
    2018-07-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:21:33.218Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2620738"
              },
              {
                "name": "104715",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104715"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP BusinessObjects Business Intelligence Suite",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "= 4.10"
                },
                {
                  "status": "affected",
                  "version": "= 4.20"
                }
              ]
            },
            {
              "product": "SAP Crystal Reports",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "= version for Visual Studio .NET, Version 2010"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-12T09:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2620738"
            },
            {
              "name": "104715",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104715"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2018-2427",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP BusinessObjects Business Intelligence Suite",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "=",
                                "version_value": "4.10"
                              },
                              {
                                "version_name": "=",
                                "version_value": "4.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Crystal Reports",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "=",
                                "version_value": "version for Visual Studio .NET, Version 2010"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Code Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2620738",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2620738"
                },
                {
                  "name": "104715",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104715"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2018-2427",
        "datePublished": "2018-07-10T18:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T04:21:33.218Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }