Cross-Site Scripting Vulnerability in SAP BusinessObjects Business Intelligence Platform
CVE-2019-0269

5.4MEDIUM

Key Information:

Vendor
SAP
Status
SAP Businessobjects Business Intelligence Platform (bi Workspace)
Vendor
CVE Published:
12 March 2019

Summary

The SAP BusinessObjects Business Intelligence Platform, specifically in versions 4.10 and 4.20, is susceptible to a Cross-Site Scripting (XSS) attack due to insufficient encoding of user-controlled inputs. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users, potentially compromising the integrity and confidentiality of user data. It is crucial for organizations using these versions to implement necessary updates and apply secure coding practices to mitigate this risk.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform (BI Workspace) < 4.1 < 4.1

SAP BusinessObjects Business Intelligence Platform (BI Workspace) < 4.2 < 4.2

References

https://launchpad.support.sap.com/#/notes/2693962
x_refsource_MISC
http://www.securityfocus.com/bid/107359
vdb-entryx_refsource_BID
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.