XML Validation Flaw in SAP BusinessObjects Business Intelligence Platform
CVE-2019-0268

8.1HIGH

Key Information:

Vendor

SAP
Status
SAP Businessobjects Business Intelligence Platform (cmc Module)
Vendor
CVE Published:
12 March 2019

What is CVE-2019-0268?

An XML validation vulnerability exists in the SAP BusinessObjects Business Intelligence Platform's CMC Module, particularly in versions 4.10, 4.20, and 4.30. This flaw enables attackers to submit potentially malicious XML documents from untrusted sources, which the system fails to validate adequately. Such vulnerabilities can lead to security risks, including unauthorized access to confidential data or disruption of service. It's crucial for users of these affected versions to implement necessary security measures to mitigate this risk.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform (CMC Module) < 4.1 < 4.1

SAP BusinessObjects Business Intelligence Platform (CMC Module) < 4.2 < 4.2

SAP BusinessObjects Business Intelligence Platform (CMC Module) < 4.3 < 4.3

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/2689259
x_refsource_MISC
http://www.securityfocus.com/bid/107364
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.