CVE-2020-6216Cross-site Scripting in SE SAP Business Objects Business Intelligence Platform

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 52.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Business Objects Business Intelligence PlatformSAP Businessobjects Business Intelligence Platform
Timeline
PublishedApr 14
Latest updateMay 24

Description

SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-q3m3-f44j-425x: SAP Business Objects Business Intelligence Platform (BI Launchpad), version 42022-05-24
CVEList
CVE-2020-6216: SAP Business Objects Business Intelligence Platform (BI Launchpad), version 42020-04-14
CVE-2020-6216 — Cross-site Scripting | cvebase