Description
SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impact on confidentiality and integrity within the scope of victim�s browser. There is no impact on availability. This vulnerability occurs only when script/html execution is enabled by the administrator in Central Management Console.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected products
- SAP_SE / SAP BusinessObjects Business Intelligence PlatformENTERPRISE 430 – ENTERPRISE 430
- SAP_SE / SAP BusinessObjects Business Intelligence Platform2025 – 2025
- SAP_SE / SAP BusinessObjects Business Intelligence PlatformENTERPRISECLIENTTOOLS 430 – ENTERPRISECLIENTTOOLS 430