XML Document Validation Flaw in SAP BusinessObjects Business Intelligence Platform
CVE-2019-0396
7.1HIGH
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 13 November 2019
What is CVE-2019-0396?
The SAP BusinessObjects Business Intelligence Platform has a vulnerability in its Web Intelligence HTML interface that can be exploited through untrusted XML documents. The platform fails to adequately validate XML data, allowing attackers to inject malicious elements into documents. This can lead to security breaches during specific workflows, potentially exposing sensitive information or disrupting services.
Affected Version(s)
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) < 4.1 < 4.1
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) < 4.2 < 4.2