CVE-2018-2397

In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting.

Published : 2018-03-14 19:29 Updated : 2019-10-09 23:40

3.5
CVSS Score More info
Score 3.5 / 10
3.5
Vendor Product Version URI
Sap Businessobjects Business Intelligence Platform 4.00 cpe:/a:sap:businessobjects_business_intelligence_platform:4.00
Sap Businessobjects Business Intelligence Platform 4.10 cpe:/a:sap:businessobjects_business_intelligence_platform:4.10
Sap Businessobjects Business Intelligence Platform 4.20 cpe:/a:sap:businessobjects_business_intelligence_platform:4.20
Sap Businessobjects Business Intelligence Platform 4.30 cpe:/a:sap:businessobjects_business_intelligence_platform:4.30
  1. Sap (1) Search CVE
    1. Businessobjects Business Intelligence Platform (4) Search CVE
      1. 4.00
      2. 4.10
      3. 4.20
      4. 4.30

CWE

ID Name Description Links
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. CVE

History of changes

Date Event
2018-04-10 18:31
2018-03-16 01:29
2018-03-14 19:29

New CVE