SAP Business Objects Platform Vulnerable to Stored XSS Attacks
CVE-2024-28165

8.1HIGH

Key Information:

Vendor: SAP
Status: SAP Businessobjects Business Intelligence Platform
Vendor: CVE Published:; 14 May 2024

What is CVE-2024-28165?

The SAP Business Objects Business Intelligence Platform is susceptible to a stored cross-site scripting (XSS) vulnerability that permits an attacker to manipulate parameters within the Opendocument URL. This security flaw can lead to severe repercussions on the confidentiality and integrity of the application, potentially allowing unauthorized access or manipulation of sensitive information. Users and organizations utilizing this platform are advised to reference SAP's security updates and implement necessary measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform 430

SAP BusinessObjects Business Intelligence Platform 440

References

https://me.sap.com/notes/3431794

https://support.sap.com/en/my-support/knowledge-base/secu...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024
Vulnerability Reserved
Mar 6, 2024