SAP BusinessObjects Multiple Input Validation Vulnerabilities
Gravità: : Medio
Data notifica: 21 luglio 2015
Descrizione
SAP BusinessObjects is prone to multiple input-validation vulnerabilities, including cross-site scripting issues, remote URI-redirection issues, and information-disclosure issues, because the application fails to sufficiently sanitize user-supplied input.
An attacker can exploit these issues to steal cookie-based authentication credentials, perform phishing attacks, and obtain sensitive information. Other attacks are also possible.
These issues affect BusinessObjects XI 3.x (12.x).
Informazioni esposizione:
Apply associated Trend Micro DPI Rules.
Soluzioni
Trend Micro Deep Security DPI Rule Number: 1000552
Trend Micro Deep Security DPI Rule Name: 1000552 - Generic Cross Site Scripting(XSS) Prevention
Software e versione interessati:
- SAP Business Objects XI 3.10