CVE-2023-42478

Published: Dec 12, 2023Modified: Nov 21, 2024

7.6

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N

Exploitability: 2.3 / Impact: 4.7

Source: NVD

Description

SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application.

Affected (2)

Products: Sap: Business Objects Business Intelligence Platform

Sap

1 product

Business Objects Business Intelligence Platform

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Sap Business Objects Business Intelligence Platform	Version 420
Sap Business Objects Business Intelligence Platform	Version 430

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

https://me.sap.com/notes/3382353

Source: cna@sap.com

Permissions Required

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Source: cna@sap.com

Vendor Advisory

https://me.sap.com/notes/3382353

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.