Lucene search
HistoryDec 12, 2023 - 1:15 a.m.
CVE-2023-42478
sap
business intelligence platform
stored xss
agnostic documents
integrity impact
CVSS3
7.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N
EPSS
0.001
Percentile
16.0%
SAP Business ObjectsΒ Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application.
Affected configurations
Node
sapbusiness_objects_business_intelligence_platformMatch420
ORsapbusiness_objects_business_intelligence_platformMatch430
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sap | business_objects_business_intelligence_platform | 420 | cpe:2.3:a:sap:business_objects_business_intelligence_platform:420:*:*:*:*:*:*:* |
| sap | business_objects_business_intelligence_platform | 430 | cpe:2.3:a:sap:business_objects_business_intelligence_platform:430:*:*:*:*:*:*:* |
Related
prion
prion
Cross site scripting
2023-12-12 01:15:00
cve
cve
CVE-2023-42478
2023-12-12 01:15:10
cnvd
cnvd
cvelist
cvelist
CVSS3
7.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N
EPSS
0.001
Percentile
16.0%
Related for NVD:CVE-2023-42478