Cross-Site Scripting Vulnerability in SAP BusinessObjects Business Intelligence Platform
CVE-2019-0382

5.4MEDIUM

Key Information:

Vendor: SAP
Status: SAP Businessobjects Business Intelligence Platform (web Intelligence)
Vendor: CVE Published:; 13 November 2019

Summary

A Cross-Site Scripting vulnerability exists in the SAP BusinessObjects Business Intelligence Platform, specifically within Web Intelligence publication-related pages. This weakness requires certain user privileges for exploitation, potentially allowing attackers to inject malicious scripts into web pages viewed by other users. The issue has been addressed in version 4.2, underscoring the necessity for users to update their software to mitigate risks associated with this vulnerability.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform (Web Intelligence) < 4.2

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2817937

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 13, 2019
Vulnerability Reserved
Nov 26, 2018