Rewterz Threat Advisory – CVE-2019-1691 – Cisco Firepower Management Center Snort
February 21, 2019Rewterz Threat Alert – Fraudulent Phishing Emails – IoCs
February 21, 2019Severity
Medium
Analysis Summary
CVE-2019-0251
The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVE-2019-0259
SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper file format validation.
Impact
Cross Site Scripting
Security Bypass
Affected Products
SAP BusinessObjects BI 4.2
SAP BusinessObjects BI 4.3
Remediation
Apply SAP Notes 2727564 and 2638175.