Description

The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. When another user visits that page, the stored malicious script will execute in their session, hence allowing the attacker to compromise their confidentiality and integrity.

Related CPE's

a

sap

businessobjects_business_intelligence_platform

420

Vulnerable

References

https://launchpad.support.sap.com/#/notes/3055180

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.4 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-09-14T12:15:09.110

3 years ago

Last modified

2021-09-24T13:55:30.953

3 years ago