CVE-2019-0268

XML Injection (aka Blind XPath Injection) (CWE-91)

Published: Mar 12, 2019 / Updated: 69mo ago

010
No CVSS yetEPSS 0.22%
CVE info copied to clipboard

SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source.

Timeline

First Article

Feedly found the first article mentioning CVE-2019-0268. See article

Mar 12, 2019 at 10:03 PM / www.securityfocus.com
EPSS

EPSS Score was set to: 0.22% (Percentile: 59.3%)

Sep 27, 2023 at 5:31 PM
Static CVE Timeline Graph

Affected Systems

Sap/businessobjects_business_intelligence
+null more

Patches

wiki.scn.sap.com
+null more

Attack Patterns

CAPEC-250: XML Injection
+null more

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI