Stored Cross-Site Scripting in SAP BusinessObjects BI Platform
CVE-2021-33679

5.4MEDIUM

Key Information:

Vendor

SAP
Status
SAP Businessobjects Business Intelligence Platform (bi Workspace)
Vendor
CVE Published:
14 September 2021

What is CVE-2021-33679?

The SAP BusinessObjects BI Platform version 420 has a vulnerability that allows attackers with basic access to inject malicious scripts when creating new module documents, files, or folders. These scripts are stored within the application and executed when another user accesses the affected page, posing serious risks to user confidentiality and integrity. This flaw can be exploited to hijack user sessions, leading to unauthorized access and data manipulation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform (BI Workspace) < 420

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/3055180
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.