SAP Business Objects Platform Vulnerable to Stored XSS Attacks
CVE-2024-28165
8.1HIGH
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 14 May 2024
What is CVE-2024-28165?
The SAP Business Objects Business Intelligence Platform is susceptible to a stored cross-site scripting (XSS) vulnerability that permits an attacker to manipulate parameters within the Opendocument URL. This security flaw can lead to severe repercussions on the confidentiality and integrity of the application, potentially allowing unauthorized access or manipulation of sensitive information. Users and organizations utilizing this platform are advised to reference SAP's security updates and implement necessary measures to mitigate the risks associated with this vulnerability.
Affected Version(s)
SAP BusinessObjects Business Intelligence Platform 430
SAP BusinessObjects Business Intelligence Platform 440