Stored Cross Site Scripting Vulnerability in SAP BusinessObjects Business Intelligence Platform
CVE-2020-6312

5.4MEDIUM

Key Information:

Vendor: SAP
Status: SAP Businessobjects Business Intelligence Platform (web Intelligence Html Interface)
Vendor: CVE Published:; 9 September 2020

Summary

The SAP BusinessObjects Business Intelligence Platform's Web Intelligence HTML interface is susceptible to stored Cross Site Scripting when certain web page properties are edited by a non-administrative user. This vulnerability allows attackers to manipulate how a browser interprets various page elements, potentially leading to unauthorized access or modification of metadata when users interact with affected web elements.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) < 4.1 < 4.1

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) < 4.2 < 4.2

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2930128

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 9, 2020
Vulnerability Reserved
Jan 8, 2020