本ページは ibi webfocus_business_intelligence に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2020-14204 | In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibi_apps/WFServlet.cfg because XML external entity injection is possible. This is related to making changes to the application repository configuration. | [email protected] | 8.2 | 1.91% | 2020-06-22 | 2026-06-16 |
| CVE-2020-14203 | WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request Forgery (CSRF) attack against administrative users within the /ibi_apps/WFServlet(.ibfs) endpoint. The impact may be creation of an administrative user. It can also be exploited in conjunction with CVE-2016-9044. | [email protected] | 8.8 | 0.48% | 2020-06-22 | 2026-06-16 |
| CVE-2020-14202 | WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrary URL parameters. | [email protected] | 6.1 | 0.67% | 2020-06-22 | 2026-06-16 |