Cross-Site Scripting Vulnerability in SAP BusinessObjects BI LaunchPad
CVE-2022-39800

6.1MEDIUM

Key Information:

Vendor: SAP
Status: SAP Businessobjects Business Intelligence Platform (bi LauncHPad)
Vendor: CVE Published:; 11 October 2022

Summary

SAP BusinessObjects BI LaunchPad versions 420 and 430 are vulnerable to a cross-site scripting attack due to inadequate sanitization of user inputs during network interactions. This flaw allows an unauthenticated attacker to execute malicious scripts in the context of a user session. If exploited, it could lead to unauthorized viewing or modification of sensitive information, potentially compromising the confidentiality and integrity of the application.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform (BI LaunchPad) < 420 < 420

SAP BusinessObjects Business Intelligence Platform (BI LaunchPad) < 430 < 430

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

https://launchpad.support.sap.com/#/notes/3211161

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 11, 2022
Vulnerability Reserved
Sep 2, 2022