CVE-2020-6281Cross-site Scripting in SE SAP Business Objects Business Intelligence Platform

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 62.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Business Objects Business Intelligence PlatformSAP Businessobjects Business Intelligence Platform
Timeline
PublishedJul 14
Latest updateMay 24

Description

SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting reflected in Cross-Site Scripting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-px6h-7v38-8hhr: SAP Business Objects Business Intelligence Platform (BI Launchpad), version 42022-05-24
CVEList
CVE-2020-6281: SAP Business Objects Business Intelligence Platform (BI Launchpad), version 42020-07-14
CVE-2020-6281 — Cross-site Scripting | cvebase