CVE-2024-28165

Description

SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL which could lead to high impact on Confidentiality and Integrity of the application

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Affected products

SAP_SE / SAP BusinessObjects Business Intelligence Platform430 – 430
SAP_SE / SAP BusinessObjects Business Intelligence Platform440 – 440

References

MISChttps://me.sap.com/notes/3431794
MISChttps://support.sap.com/en/my-support/knowledge-base/security-notes-news.html