CVE-2019-0303

EPSS 0.8%

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

14 jun 2019Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without sanitation. This could be used by an attacker to build a special url that execute custom JavaScript code when the url is accessed.

Productos afectados

SAP SE · SAP BusinessObjects Business Intelligence Platform (Administration Console)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://launchpad.support.sap.com/#/notes/2637997 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242