CVE-2023-42478 HIGH

CVE-2023-42478: Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform

Vendor Sap_Se
Product Business Objects BI Platform
Weakness CWE-79 · XSS
Published December 12, 2023
Last update August 2, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L

What the vulnerability does

01Description

SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application.

Key dates

02Disclosure timeline

December 12, 2023 CVE published
August 2, 2024 Record updated