Cross-Site Scripting Vulnerability in SAP Business Objects Business Intelligence Platform
CVE-2020-6222

5.4MEDIUM

Key Information:

Vendor: SAP
Status: SAP Businessobjects Business Intelligence Platform (web Intelligence Html Interface)
Vendor: CVE Published:; 14 April 2020

Summary

The SAP Business Objects Business Intelligence Platform, particularly its Web Intelligence HTML interface, exhibits a flaw due to inadequate encoding of user-controlled inputs. This vulnerability allows attackers to execute malicious scripts in the context of a user's session, potentially compromising sensitive information and user interactions. It is essential for organizations utilizing affected versions to implement security measures and apply available patches to enhance their defenses against potential exploitation.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) < 4.1 < 4.1

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) < 4.2 < 4.2

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2880804

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 14, 2020
Vulnerability Reserved
Jan 8, 2020