CVE-2021-42061

CVE-2021-42061

Vendor Sap Se
Product SAP BusinessObjects Business Intelligence Platform
Weakness CWE-79 · XSS
Published December 14, 2021
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This allows a low privileged attacker to retrieve some data from the victim but will never be able to modify the document and publish these modifications to the server. It impacts the "Quick Prompt" workflow.

Key dates

02Disclosure timeline

December 14, 2021 CVE published
August 4, 2024 Record updated