SAP BusinessObjects Multiple Input Validation Vulnerabilities
Gravité: : Medium
Date du conseil: 21 juillet 2015
Description
SAP BusinessObjects is prone to multiple input-validation vulnerabilities, including cross-site scripting issues, remote URI-redirection issues, and information-disclosure issues, because the application fails to sufficiently sanitize user-supplied input.
An attacker can exploit these issues to steal cookie-based authentication credentials, perform phishing attacks, and obtain sensitive information. Other attacks are also possible.
These issues affect BusinessObjects XI 3.x (12.x).
Information Exposure Rating:
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1000552
Trend Micro Deep Security DPI Rule Name: 1000552 - Generic Cross Site Scripting(XSS) Prevention
Affected software and version:
- SAP Business Objects XI 3.10