Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-0015

In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application.

Published

2023-01-10T04:15:09.680

Last Modified

2024-11-21T07:36:23.863

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.6 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	business_objects_business_intelligence_platform	420	Yes

References

https://launchpad.support.sap.com/#/notes/3251447 Permissions Required, Vendor Advisory ([email protected])
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory ([email protected])
https://launchpad.support.sap.com/#/notes/3251447 Permissions Required, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)