Cross-Site Scripting Vulnerability in SAP Business Objects BI Launchpad
CVE-2020-6281

6.1MEDIUM

Key Information:

Vendor
SAP
Status
SAP Business Objects Business Intelligence Platform (bi LauncHPad)
Vendor
CVE Published:
14 July 2020

Summary

The SAP Business Objects Business Intelligence Platform (BI Launchpad) version 4.2 is vulnerable to a Cross-Site Scripting (XSS) attack due to improper encoding of user-controlled inputs. This flaw allows an attacker to inject malicious scripts, which can then be executed in the context of other users' sessions, posing significant security risks as it may lead to data theft, session hijacking, and user impersonation. Proper validation and encoding mechanisms should be implemented to mitigate this vulnerability.

Affected Version(s)

SAP Business Objects Business Intelligence Platform (BI Launchpad) < 4.2

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/2917743
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.