Lucene search

K
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.SAP_BUSINESS_OBJECTS_BIP_CVE-2021-21447.NASL
HistoryJan 10, 2023 - 12:00 a.m.

SAP BusinessObjects Business Intelligence Platform 4.1 < 4.1 SP12 P9 / 4.2 < 4.2 SP8 P5 XSS (2965154)

2023-01-1000:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
sap businessobjects
bi platform
xss vulnerability
windows host
input control
javascript payload
stored cross-site scripting
nessus scanner

EPSS

0.001

Percentile

22.7%

The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is prior to 4.1 SP12 P9, 4.2 SP8 P5 or 4.2 SP9 P0. It is, therefore, affected by a XSS vulnerability. An authenticated attacker is allowed to inject malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by any user who views the relevant application content, leading to Stored Cross-Site Scripting.

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(169745);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/01/11");

  script_cve_id("CVE-2021-21447");
  script_xref(name:"IAVA", value:"2021-A-0043");

  script_name(english:"SAP BusinessObjects Business Intelligence Platform 4.1 < 4.1 SP12 P9 / 4.2 < 4.2 SP8 P5 XSS (2965154)");

  script_set_attribute(attribute:"synopsis", value:
"SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is affected by a XSS vulnerability");
  script_set_attribute(attribute:"description", value:
"The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is prior to
4.1 SP12 P9, 4.2 SP8 P5 or 4.2 SP9 P0. It is, therefore, affected by a XSS vulnerability. An authenticated attacker is
allowed to inject malicious JavaScript payload into the custom value input field of an Input Control, which can be
executed by any user who views the relevant application content, leading to Stored Cross-Site Scripting.

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's
self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://launchpad.support.sap.com/#/notes/2965154");
  script_set_attribute(attribute:"solution", value:
"See vendor advisories.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-21447");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/01/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/01/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:sap:businessobjects_business_intelligence_platform");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("sap_business_objects_intelligence_platform_win_installed.nbin");
  script_require_keys("installed_sw/SAP BusinessObjects Business Intelligence Platform", "SMB/Registry/Enumerated");

  exit(0);
}

include('vcf.inc');

get_kb_item_or_exit('SMB/Registry/Enumerated');

var app_info = vcf::get_app_info(app:'SAP BusinessObjects Business Intelligence Platform', win_local:TRUE);

# https://launchpad.support.sap.com/#/notes/0001602088 for translations
var constraints = [
  { 'min_version': '14.1', 'fixed_version' : '14.1.12.3703', 'fixed_display': '4.1 SP012 000900'},
  { 'min_version': '14.2', 'fixed_version' : '14.2.8.3642', 'fixed_display': '4.2 SP008 000500 / 4.2 SP009 000000'}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE, flags:{'xss':TRUE});
VendorProductVersionCPE
sapbusinessobjects_business_intelligence_platformcpe:/a:sap:businessobjects_business_intelligence_platform

EPSS

0.001

Percentile

22.7%

Related for SAP_BUSINESS_OBJECTS_BIP_CVE-2021-21447.NASL