CVE-2019-0396

HIGH Year: 2019
CVSS v3 Score
7.1
High
CVSS v2 Score
5.5
Medium
Weakness Type
CWE-20
View all →

Vulnerability Description

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly filtered by Web Intelligence HTML interface in some specific workflows.

Related Vulnerabilities

CVE-2009-2516

HIGH
CVSS:7.1(High)

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gai...

CWE-202009

CVE-2015-3150

HIGH
CVSS:7.1(High)

abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElemen...

CWE-202015

CVE-2015-9544

HIGH
CVSS:7.1(High)

An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attack...

CWE-202015

CVE-2015-9545

HIGH
CVSS:7.1(High)

An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can en...

CWE-202015

CVE-2016-3185

HIGH
CVSS:7.1(High)

The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information ...

CWE-202016

CVE-2016-4449

HIGH
CVSS:7.1(High)

XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrar...

CWE-202016