Lucene search

SapCVE-2023-42478

HistoryDec 12, 2023 - 1:15 a.m.

CVE-2023-42478

2023-12-1201:15:10

CWE-79

sap

web.nvd.nist.gov

sap

business objects

bi platform

vulnerability

stored xss

nvd

cve-2023-42478

CVSS3

7.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

16.0%

JSON

SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application.

Affected configurations

Nvd

Node

sapbusiness_objects_business_intelligence_platformMatch420

sapbusiness_objects_business_intelligence_platformMatch430

VendorProductVersionCPE
sapbusiness_objects_business_intelligence_platform420cpe:2.3:a:sap:business_objects_business_intelligence_platform:420:*:*:*:*:*:*:*
sapbusiness_objects_business_intelligence_platform430cpe:2.3:a:sap:business_objects_business_intelligence_platform:430:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	business_objects_business_intelligence_platform	420	cpe:2.3:a:sap:business_objects_business_intelligence_platform:420:::::::*
sap	business_objects_business_intelligence_platform	430	cpe:2.3:a:sap:business_objects_business_intelligence_platform:430:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Business Objects BI Platform",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "420"
      },
      {
        "status": "affected",
        "version": "430"
      }
    ]
  }
]

References

me.sap.com/notes/3382353

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html