Cross-Site Scripting Vulnerability in SAP Business Objects Business Intelligence Platform
CVE-2020-6276

6.1MEDIUM

Key Information:

Vendor
SAP
Status
SAP Business Objects Business Intelligence Platform (bipodata)
Vendor
CVE Published:
14 July 2020

Summary

The SAP Business Objects Business Intelligence Platform, specifically version 4.2, is vulnerable to Cross-Site Scripting (XSS) attacks due to insufficient encoding of user-controlled inputs. This flaw can be exploited by attackers to inject malicious scripts, potentially leading to unauthorized actions or data theft in the context of an affected user session. Organizations using this platform should assess their security posture and implement the necessary mitigation measures to avoid exploitation.

Affected Version(s)

SAP Business Objects Business Intelligence Platform (bipodata) < 4.2

References

https://launchpad.support.sap.com/#/notes/2849967
x_refsource_MISC
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.