Cross-Site Scripting Vulnerability in SAP BusinessObjects Fiori Launchpad
CVE-2019-0251

6.1MEDIUM

Key Information:

Vendor

SAP
Status
SAP Businessobjects Business Intelligence Platform (fiori LauncHPad)
Vendor
CVE Published:
15 February 2019

What is CVE-2019-0251?

The Fiori Launchpad of SAP BusinessObjects, prior to versions 4.2 and 4.3, is susceptible to a Cross-Site Scripting vulnerability due to insufficient encoding of user-controlled inputs. Attackers can exploit this flaw to inject malicious scripts into web pages that users may visit, potentially compromising user data or performing malicious actions on behalf of the user. Organizations using affected versions should prioritize updating their products to safeguard against this vulnerability.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform (Fiori Launchpad) < 4.2 < 4.2

SAP BusinessObjects Business Intelligence Platform (Fiori Launchpad) < 4.3 < 4.3

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
http://www.securityfocus.com/bid/106993
vdb-entryx_refsource_BID
https://launchpad.support.sap.com/#/notes/2638175
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.