Lucene search

[email protected]CVE-2019-0332

HistoryAug 14, 2019 - 2:15 p.m.

CVE-2019-0332

2019-08-1414:15:15

CWE-79

[email protected]

web.nvd.nist.gov

sap

businessobjects

bi platform

info view

4.1

4.2

4.3

xss

vulnerability

cross-site scripting

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

36.3%

JSON

SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an attacker to give some payload for keyword in the search and it will be executed while search performs its action, resulting in Cross-Site Scripting (XSS) vulnerability.

Affected configurations

NVD

Node

sapbusinessobjects_business_intelligenceMatch4.1

sapbusinessobjects_business_intelligenceMatch4.2

sapbusinessobjects_business_intelligenceMatch4.3

CPENameOperatorVersion
sap:businessobjects_business_intelligencesap businessobjects business intelligenceeq4.1
sap:businessobjects_business_intelligencesap businessobjects business intelligenceeq4.2
sap:businessobjects_business_intelligencesap businessobjects business intelligenceeq4.3

CPE	Name	Operator	Version
sap:businessobjects_business_intelligence	sap businessobjects business intelligence	eq	4.1
sap:businessobjects_business_intelligence	sap businessobjects business intelligence	eq	4.2
sap:businessobjects_business_intelligence	sap businessobjects business intelligence	eq	4.3

CNA Affected

[
  {
    "product": "SAP BusinessObjects Business Intelligence Platform (Info View)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 4.1"
      },
      {
        "status": "affected",
        "version": "< 4.2"
      },
      {
        "status": "affected",
        "version": "< 4.3"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/2742468

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

36.3%

JSON

Related for CVE-2019-0332

cvelist1 nvd1 prion1