CVE-2023-42476
Cross Site Scripting vulnerability in SAP BusinessObjects Web Intelligence
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that the user has access to. In the worst case, attacker could access data from reporting databases.
SAP Business Objects Web Intelligence: versión 420, permite a un atacante autenticado inyectar código JavaScript en documentos de Web Intelligence que luego se ejecuta en el navegador de la víctima cada vez que se visita la página vulnerable. La explotación exitosa puede llevar a la exposición de los datos a los que tiene acceso el usuario. En el peor de los casos, el atacante podría acceder a datos de bases de datos de informes.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-09-11 CVE Reserved
- 2023-12-12 CVE Published
- 2024-08-02 CVE Updated
- 2024-11-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | 2023-12-14 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Sap Search vendor "Sap" | Businessobjects Web Intelligence Search vendor "Sap" for product "Businessobjects Web Intelligence" | 420 Search vendor "Sap" for product "Businessobjects Web Intelligence" and version "420" | - |
Affected
|