CVE-2021-21447

Published: Jan 12, 2021Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by User who views the relevant application content, which leads to Stored Cross-Site Scripting.

Affected (2)

Products: Sap: Businessobjects Business Intelligence

1 product

Businessobjects Business Intelligence

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Sap Businessobjects Business Intelligence	Version 410
Sap Businessobjects Business Intelligence	Version 420

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

https://launchpad.support.sap.com/#/notes/2965154

Source: cna@sap.com

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2965154

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.