Cross-Site Scripting Vulnerability in SAP Business Objects Web Intelligence
CVE-2022-22546

5.4MEDIUM

Key Information:

Vendor: SAP
Status: SAP Business Objects Web Intelligence (bi LauncHPad)
Vendor: CVE Published:; 9 February 2022

Summary

An improper HTML encoding issue in the input control summary of SAP Business Objects Web Intelligence allows an authorized attacker to execute cross-site scripting attacks. This vulnerability can compromise the integrity of the application, allowing malicious scripts to be executed in the context of the user's browser session, potentially leading to unauthorized access to sensitive user data.

Affected Version(s)

SAP Business Objects Web Intelligence (BI Launchpad) 420

References

https://launchpad.support.sap.com/#/notes/3126748

x_refsource_MISC

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 9, 2022
Vulnerability Reserved
Jan 4, 2022