Lucene search

SapCVELIST:CVE-2024-28165

HistoryMay 14, 2024 - 3:51 a.m.

CVE-2024-28165 Cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform

2024-05-1403:51:20

CWE-79

sap

www.cve.org

sap businessobjects

bi platform

xss

vulnerability

confidentiality

integrity

opendocument url

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score

7.9

Confidence

High

EPSS

Percentile

9.0%

JSON

SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL which could lead to high impact on Confidentiality and Integrity of the application

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP BusinessObjects Business Intelligence Platform",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "430"
      },
      {
        "status": "affected",
        "version": "440"
      }
    ]
  }
]

References

me.sap.com/notes/3431794

support.sap.com/en/my-support/knowledge-base/security-notes-news.html

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score

7.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-28165