CRITICAL🇬🇧 English

CVE-2020-26831

CVSS 9.6v3.1pub. 2020-12-09upd. 2024-11-21

SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to internal file disclosure, internal directories disclosure, Server-Side Request Forgery (SSRF) and denial-of-service (DoS).

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
  • Sap Businessobjects Business Intelligence Platform

    APP
    Sap
    4.14.24.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SSRF
CWE
Referencje

Powiązane podatności

CVE-2023-0018CRITICAL10.0ten sam produkt

Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platf...

CVE-2023-0022CRITICAL9.9ten sam produkt

SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject...

CVE-2020-6294CRITICAL9.1ten sam produkt

Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not pe...

CVE-2020-6242CRITICAL9.8ten sam produkt

SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, all...

CVE-2020-6195CRITICAL9.8ten sam produkt

SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the r...