CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-0259

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0790%
EPSS Percentile29.17th
Published2019年2月15日
Last Modified2024年11月21日

Vulnerability Description

SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation.

Affected Platforms (CPE)

📦
Sap

Businessobjects

= 4.2
📦
Sap

Businessobjects

= 4.3

References & Advisories

🔗 http://www.securityfocus.com/bid/106997
🔗 https://launchpad.support.sap.com/#/notes/2727564
🔗 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943
🔗 http://www.securityfocus.com/bid/106997
🔗 https://launchpad.support.sap.com/#/notes/2727564
🔗 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943

相關漏洞威脅

CVE-2015-773010.0

SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to caus...

CVE-2010-021910.0

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a de...

CVE-2014-938710.0

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges...

CVE-2014-93209.8

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently ga...