cvelist | SAP | CVELIST:CVE-2023-42478
History: Dec 12, 2023 - 12:58 a.m.

CVE-2023-42478 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform

2023-12-12 00:58:53
CWE-79
sap
www.cve.org
cve-2023-42478
cross-site scripting
sap businessobjects
business intelligence platform
stored xss
agnostic documents
integrity impact

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L

AI Score: 7.3
Confidence: High

EPSS: 0.001
Percentile: 16.0%

SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Business Objects BI Platform",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "420"
      },
      {
        "status": "affected",
        "version": "430"
      }
    ]
  }
]
