CVE-2019-0268 — XML Injection (aka Blind XPath Injection) in SE SAP Businessobjects Business Intelligence Platform

CWE-91 — XML Injection (aka Blind XPath Injection)3 documents3 sources

Severity

8.1HIGHNVD

EPSS

0.7%

top 27.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Businessobjects Business Intelligence Platform SAP Businessobjects Business Intelligence

Timeline

PublishedMar 12

Latest updateMay 14

Description

SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5sap_se/sap_businessobjects_business_intelligence_platform< 4.1+2

▶NVDsap/businessobjects_business_intelligence4.1, 4.2, 4.3+2

🔴Vulnerability Details

GHSA

GHSA-77c6-mchv-4786: SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4↗2022-05-14

▶

CVEList

CVE-2019-0268: SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4↗2019-03-12

▶