
Rewterz Threat Advisory – CVE-2019-0251/ CVE-2019-0259 – SAP BusinessObjects BI Multiple Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2019-0251

The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.

CVE-2019-0259

SAP BusinessObjects (Visual Difference), versions 4.2 and 4.3, allows an attacker to upload any file (including script files) without proper file format validation.

Impact

Cross-Site Scripting

Security Bypass

Affected Products

SAP BusinessObjects BI 4.2

SAP BusinessObjects BI 4.3

Remediation

Apply SAP Notes 2727564 and 2638175.