JavaScript Injection Vulnerability in SAP BusinessObjects by SAP
CVE-2025-0062

4.7MEDIUM

Key Information:

Vendor: SAP
Status: SAP Businessobjects Business Intelligence Platform
Vendor: CVE Published:; 11 March 2025

Summary

The SAP BusinessObjects Business Intelligence Platform is vulnerable to a JavaScript injection flaw that enables attackers to execute malicious JavaScript code within Web Intelligence reports. When enabled by administrators in the Central Management Console, this vulnerability allows the injected code to run in a victim's browser upon accessing the compromised page. While this impacts the confidentiality and integrity of user data viewed in a browser, the system's overall availability remains unaffected.

Affected Version(s)

SAP BusinessObjects Business Intelligence Platform ENTERPRISE 430

SAP BusinessObjects Business Intelligence Platform 2025

SAP BusinessObjects Business Intelligence Platform ENTERPRISECLIENTTOOLS 430

References

https://me.sap.com/notes/3557459

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Dec 5, 2024