Stored Cross-Site Scripting Vulnerability in SAP BusinessObjects BI Platform
CVE-2019-0377

5.4MEDIUM

Key Information:

Vendor
SAP
Status
SAP Businessobjects Business Intelligence Platform (web Intelligence Html Interface)
Vendor
CVE Published:
8 October 2019

Summary

The SAP BusinessObjects Business Intelligence Platform's Web Intelligence HTML interface prior to version 4.2 lacks adequate encoding for user-controlled inputs. This weakness allows attackers to inject malicious scripts, leading to Stored Cross-Site Scripting (XSS). Such vulnerabilities can compromise web applications and user data, making it essential for organizations to apply patches or updates to safeguard their systems.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) < 4.2

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_CONFIRM
https://launchpad.support.sap.com/#/notes/2817945
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.