Rewterz Threat Alert – DNS Compromise Attack Phishing Spam
June 11, 2019Rewterz Threat Advisory – CVE-2019-7845 – Adobe Flash Player Arbitrary Code Execution Vulnerability
June 12, 2019Rewterz Threat Alert – DNS Compromise Attack Phishing Spam
June 11, 2019Rewterz Threat Advisory – CVE-2019-7845 – Adobe Flash Player Arbitrary Code Execution Vulnerability
June 12, 2019Severity
Medium
Analysis Summary
Certain input related to Administration Console is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.
Impact
Cross-Site Scripting
Affected Vendors
SAP
Affected Products
SAP BusinessObjects BI 4.2 and 4.3
Remediation
Vendor has released updates for the following product.
Apply SAP Note 2637997.