CVE-2023-42476

Published: Dec 12, 2023Modified: Nov 21, 2024

6.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Exploitability: 2.3 / Impact: 4.0

Source: NVD

Description

SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that the user has access to. In the worst case, attacker could access data from reporting databases.

Affected (1)

Products: Sap: Businessobjects Web Intelligence

1 product

Businessobjects Web Intelligence

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Businessobjects Web Intelligence	Version 420

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

https://me.sap.com/notes/3382353

Source: cna@sap.com

Permissions Required

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Source: cna@sap.com

Vendor Advisory

https://me.sap.com/notes/3382353

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.