Multiple vulnerabilities have been reported in SAP BusinessObjects BI, which can be exploited by malicious users to disclose sensitive information and cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting attacks.
SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source. It can be exploited to disclose otherwise restricted information or cause a DoS condition via a specially crafted XML document including external entity references.
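The following added example (not SAP code and not the vendor fix) shows the kind of validation whose absence the XML issue above describes: rejecting any untrusted document that carries a DOCTYPE, entity declaration or external entity reference before it reaches the application parser. The names `parse_untrusted`, `is_rejected` and `ForbiddenXML` and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """Untrusted XML carried a DTD, entity declaration or external reference."""


def _reject(kind):
    # Build an expat handler that aborts parsing as soon as `kind` is seen.
    def handler(*_args):
        raise ForbiddenXML(f"{kind} not allowed in untrusted XML")
    return handler


def parse_untrusted(data: bytes) -> ET.Element:
    """Return the parsed root only if the document declares no DTD or entities."""
    scanner = expat.ParserCreate()
    scanner.StartDoctypeDeclHandler = _reject("DOCTYPE declaration")
    scanner.EntityDeclHandler = _reject("entity declaration")
    scanner.ExternalEntityRefHandler = _reject("external entity reference")
    scanner.Parse(data, True)   # raises ForbiddenXML from a handler, or ExpatError
    return ET.fromstring(data)  # reached only for DTD-free, well-formed input


def is_rejected(data: bytes) -> bool:
    # True when the pre-parse scan refused the document.
    try:
        parse_untrusted(data)
    except ForbiddenXML:
        return True
    return False


# Constructed sample inputs (not taken from the advisory).
BENIGN = b"<report><name>Q3</name></report>"
EXTERNAL_ENTITY = (b'<?xml version="1.0"?>'
                   b'<!DOCTYPE r [<!ENTITY x SYSTEM "file:///constructed/placeholder">]>'
                   b"<r>&x;</r>")
INTERNAL_ENTITY = b'<!DOCTYPE r [<!ENTITY a "aaaa">]><r>&a;&a;</r>'

if __name__ == "__main__":
    for label, doc in [("benign", BENIGN), ("external", EXTERNAL_ENTITY),
                       ("internal", INTERNAL_ENTITY)]:
        print(label, "rejected" if is_rejected(doc) else "accepted")
```

Refusing the DOCTYPE outright covers both impacts named above: external references are never resolved, and internal entity definitions are never expanded.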
In SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.10 and 4.20, certain input related to BI Workspace is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site.
Affected software: SAP BusinessObjects BI 4.x
Solution: Apply SAP Notes 2689259 and 2693962.