CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
EPSS
Percentile
36.3%
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly filtered by Web Intelligence HTML interface in some specific workflows.
Vendor | Product | Version | CPE |
---|---|---|---|
sap | businessobjects_business_intelligence_platform | 4.0 | cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.0:*:*:*:*:*:*:* |
sap | businessobjects_business_intelligence_platform | 4.1 | cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.1:sp10:*:*:*:*:*:* |
sap | businessobjects_business_intelligence_platform | 4.1 | cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.1:sp11:*:*:*:*:*:* |
sap | businessobjects_business_intelligence_platform | 4.1 | cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.1:sp12:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
EPSS
Percentile
36.3%