Business Intelligence
by WebFOCUS
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-14203 | Hig | 0.57 | 8.8 | 0.00 | Jun 22, 2020 | WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request Forgery (CSRF) attack against administrative users within the /ibi_apps/WFServlet(.ibfs) endpoint. The impact may be creation of an administrative user. It can also be exploited in conjunction with… | ||
| CVE-2020-14204 | Hig | 0.53 | 8.2 | 0.02 | Jun 22, 2020 | In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibi_apps/WFServlet.cfg because XML external entity injection is possible. This is… | ||
| CVE-2020-14202 | Med | 0.40 | 6.1 | 0.01 | Jun 22, 2020 | WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrary URL parameters. |
- risk 0.57cvss 8.8epss 0.00
WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request Forgery (CSRF) attack against administrative users within the /ibi_apps/WFServlet(.ibfs) endpoint. The impact may be creation of an administrative user. It can also be exploited in conjunction with…
- risk 0.53cvss 8.2epss 0.02
In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibi_apps/WFServlet.cfg because XML external entity injection is possible. This is…
- risk 0.40cvss 6.1epss 0.01
WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrary URL parameters.