CyberSec.Space Logo
Back to CVE Browser

CVE-2019-0259

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0790%
EPSS Percentile29.17th
PublishedFeb 15, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation.

Affected Platforms (CPE)

πŸ“¦
Sap

Businessobjects

= 4.2
πŸ“¦
Sap

Businessobjects

= 4.3

References & Advisories

πŸ”— http://www.securityfocus.com/bid/106997
πŸ”— https://launchpad.support.sap.com/#/notes/2727564
πŸ”— https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943
πŸ”— http://www.securityfocus.com/bid/106997
πŸ”— https://launchpad.support.sap.com/#/notes/2727564
πŸ”— https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943

Related Vulnerabilities

CVE-2015-773010.0

SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to caus...

CVE-2010-021910.0

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a de...

CVE-2014-938710.0

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges...

CVE-2014-93209.8

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently ga...