Cross Site Scripting vulnerability in SAP BusinessObjects Web Intelligence
CVE-2023-42476

6.8MEDIUM

Key Information:

Vendor: SAP
Status: SAP BusinessObjects Web Intelligence
Vendor: CVE Published:; 12 December 2023

What is CVE-2023-42476?

SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that the user has access to. In the worst case, attacker could access data from reporting databases.

Affected Version(s)

SAP BusinessObjects Web Intelligence 420

References

https://me.sap.com/notes/3382353

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2023
Vulnerability Reserved
Sep 11, 2023