Stored Cross-Site Scripting in SAP BusinessObjects BI Platform
CVE-2021-33679

5.4MEDIUM

Key Information:

Vendor
SAP
Status
SAP Businessobjects Business Intelligence Platform (bi Workspace)
Vendor
CVE Published:
14 September 2021

Summary

The SAP BusinessObjects BI Platform version 420 has a vulnerability that allows attackers with basic access to inject malicious scripts when creating new module documents, files, or folders. These scripts are stored within the application and executed when another user accesses the affected page, posing serious risks to user confidentiality and integrity. This flaw can be exploited to hijack user sessions, leading to unauthorized access and data manipulation.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform (BI Workspace) < 420

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/3055180
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.