SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to internal file disclosure, internal directories disclosure, Server-Side Request Forgery (SSRF) and denial-of-service (DoS).
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:HSap Businessobjects Business Intelligence Platform
APPSap4.14.24.3
Related vulnerabilities
Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platf...
SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject...
Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not pe...
SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, all...
SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the r...