XML External Entity (XXE) Injection Vulnerability in SAP BusinessObjects Business Intelligence Platform (CMC Module)

CVE-2019-0268 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:P

SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source.

Learn more about our Web Application Penetration Testing UK.