Lucene search
China National Vulnerability DatabaseCNVD-2023-03049HistoryJan 12, 2023 - 12:00 a.m.
SAP BusinessObjects Business Intelligence Platform Cross-Site Scripting Vulnerability (CNVD-2023-03049)
2023-01-1200:00:00
China National Vulnerability Database
www.cnvd.org.cn
16
sap
businessobjects
business intelligence
cross-site scripting
vulnerability
data integration
system integration
web intelligence
dhtml
json
response header
attackers
EPSS
0.001
Percentile
22.7%
SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP Germany. The platform combines market-leading SAP data integration products, data management products, and business intelligence (BI) products to eliminate system integration challenges and enable fast and easy deployment of high-performance business analytics software. The vulnerability stems from the fact that some of its calls return json of the wrong content type in the response header, which can be exploited by attackers to make custom applications that directly call the Web Intelligence DHTML jsp potentially vulnerable to cross-site scripting attacks.
Related
cvelist
cvelist
prion
prion
Design/Logic Flaw
2023-01-10 04:15:00
nvd
nvd
CVE-2023-0015
2023-01-10 04:15:09
nessus
nessus
SAP BusinessObjects Business Intelligence Platform XSS (3251447)
2023-01-23 00:00:00
cve
cve
CVE-2023-0015
2023-01-10 04:15:09