Описание
SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This can cause the server to fetch attacker-supplied URLs, resulting in low impact to confidentiality and integrity, and no impact to availability.
EPSS
5.4 Medium
CVSS3
Дефекты
Связанные уязвимости
SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This can cause the server to fetch attacker-supplied URLs, resulting in low impact to confidentiality and integrity, and no impact to availability.
Уязвимость платформы бизнес-аналитики SAP BusinessObjects Business Intelligence, связанная с неправильным кодированием или экранированием выходных данных, позволяющая нарушителю осуществить SSRF-атаку
EPSS
5.4 Medium
CVSS3