X-Frame-Options Vulnerability in SAP Business Objects BI Platform
CVE-2021-21444
5.4 MEDIUM
Key Information:
- Vendor: SAP
- CVE Published: 9 February 2021
Summary
HTTP responses from the SAP Business Objects BI Platform can contain multiple entries of the X-Frame-Options header, which different user agents treat unpredictably. This inconsistency can lead to clickjacking attacks, in which an attacker tricks users into clicking on something different from what they perceive, thereby compromising their actions on the website.
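A defensive check for the condition described in the summary, added here as an illustration and not taken from SAP or the CVE record: it audits a response's header block for repeated or conflicting X-Frame-Options entries and for a CSP `frame-ancestors` directive. The function names, finding codes, and sample responses are constructed for this example.

```python
# Added example: hypothetical helper names, constructed sample responses.
VALID_XFO = {"DENY", "SAMEORIGIN"}  # ALLOW-FROM is obsolete in current browsers

def parse_headers(raw):
    """Return (lowercased name, value) pairs, keeping repeated headers."""
    pairs = []
    for line in raw.splitlines():
        if line.startswith("HTTP/"):      # status line
            continue
        if not line.strip():              # blank line ends the header block
            break
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit_framing(raw):
    """Return finding codes for ambiguous or missing anti-framing policy."""
    headers = parse_headers(raw)
    # A repeated header may arrive as separate lines or, after a proxy has
    # merged them, as one comma-separated value; treat both the same way.
    xfo = [v.strip().upper() for n, val in headers if n == "x-frame-options"
           for v in val.split(",") if v.strip()]
    csp = ";".join(val for n, val in headers if n == "content-security-policy")
    frame_ancestors = any(d.lower().split()[:1] == ["frame-ancestors"]
                          for d in csp.split(";"))
    findings = []
    if not xfo and not frame_ancestors:
        findings.append("no-anti-framing")
    if len(xfo) > 1:
        findings.append("xfo-conflicting" if len(set(xfo)) > 1 else "xfo-duplicate")
    if any(v not in VALID_XFO for v in xfo):
        findings.append("xfo-invalid")
    if xfo and not frame_ancestors:
        findings.append("no-frame-ancestors")  # no unambiguous CSP policy present
    return findings

# Constructed sample responses (not captured from a real system).
AMBIGUOUS = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
             "X-Frame-Options: SAMEORIGIN\r\nX-Frame-Options: DENY\r\n\r\n")
MERGED = "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN, SAMEORIGIN\r\n\r\n"
CLEAN = ("HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n"
         "Content-Security-Policy: default-src 'self'; frame-ancestors 'self'\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("ambiguous", AMBIGUOUS), ("merged", MERGED), ("clean", CLEAN)):
        print(label, audit_framing(raw))
```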
Affected Version(s)
SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) < 410
SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) < 420
SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) < 430
CVSS V3.1
- Score: 5.4
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved