CVE-2023-42474 MEDIUM

CVE-2023-42474: Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Web Intelligence

Vendor Sap_Se
Product SAP BusinessObjects Web Intelligence
Weakness CWE-79 · XSS
Published October 10, 2023
Last update September 18, 2024

CVSS base score

6.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

SAP BusinessObjects Web Intelligence - version 420, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information.

Key dates

02Disclosure timeline

October 10, 2023 CVE published
September 18, 2024 Record updated