VYPR
Vendor

WebFOCUS

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2020-14203HigJun 22, 2020
    risk 0.57cvss 8.8epss 0.00

    WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request Forgery (CSRF) attack against administrative users within the /ibi_apps/WFServlet(.ibfs) endpoint. The impact may be creation of an administrative user. It can also be exploited in conjunction with…

  • CVE-2020-14204HigJun 22, 2020
    risk 0.53cvss 8.2epss 0.02

    In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibi_apps/WFServlet.cfg because XML external entity injection is possible. This is…

  • CVE-2020-14202MedJun 22, 2020
    risk 0.40cvss 6.1epss 0.01

    WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrary URL parameters.