CVE-2019-0259

CWE-434Unrestricted File Upload3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.7%
top 28.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Businessobjects Business Intelligence Platform Servers (enterprise)SAP Businessobjects
Timeline
PublishedFeb 15
Latest updateMay 14

Description

SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDsap/businessobjects4.2, 4.3+1

🔴Vulnerability Details

2
GHSA
GHSA-qxc5-v3qf-64v6: SAP BusinessObjects, versions 42022-05-14
CVEList
CVE-2019-0259: SAP BusinessObjects, versions 42019-02-15
CVE-2019-0259 (CRITICAL CVSS 9.8) | SAP BusinessObjects | cvebase.io