CVE-2023-0018
published 2023-01-10

medium 6.1 CVSS 3.1
AV:N AC:L PR:N UI:R S:C C:L I:L A:N
Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges can modify/upload crystal reports containing a malicious payload. Once these reports are viewable, anyone who opens those reports would be susceptible to stored XSS attacks. As a result of the attack, information maintained in the victim's web browser can be read, modified, and sent to the attacker.

Affected

25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 2.6.12 < 4.14.308 | 4.14.308 |
| linux | linux_kernel | >= 3.15.0 < 4.14.324 | 4.14.324 |
| linux | linux_kernel | >= 4.15.0 < 4.19.293 | 4.19.293 |
| linux | linux_kernel | >= 4.15.0 < 4.19.276 | 4.19.276 |
| linux | linux_kernel | >= 4.2.0 < 5.4.243 | 5.4.243 |
| linux | linux_kernel | >= 4.20.0 < 5.4.255 | 5.4.255 |
| linux | linux_kernel | >= 4.20.0 < 5.4.235 | 5.4.235 |
| linux | linux_kernel | >= 5.11.0 < 5.15.123 | 5.15.123 |
| linux | linux_kernel | >= 5.11.0 < 5.15.99 | 5.15.99 |
| linux | linux_kernel | >= 5.11.0 < 5.15.112 | 5.15.112 |
| linux | linux_kernel | >= 5.15.121 < 5.15.128 | 5.15.128 |
| linux | linux_kernel | >= 5.16.0 < 6.1.42 | 6.1.42 |
| linux | linux_kernel | >= 5.16.0 < 6.1.16 | 6.1.16 |
| linux | linux_kernel | >= 5.16.0 < 6.1.29 | 6.1.29 |
| linux | linux_kernel | >= 5.5.0 < 5.10.192 | 5.10.192 |
| linux | linux_kernel | >= 5.5.0 < 5.10.173 | 5.10.173 |
| linux | linux_kernel | >= 5.5.0 < 5.10.180 | 5.10.180 |
| linux | linux_kernel | >= 6.1.39 < 6.1.47 | 6.1.47 |
| linux | linux_kernel | >= 6.2.0 < 6.4.7 | 6.4.7 |
| linux | linux_kernel | >= 6.2.0 < 6.2.3 | 6.2.3 |
| linux | linux_kernel | >= 6.2.0 < 6.2.16 | 6.2.16 |
| linux | linux_kernel | >= 6.3.0 < 6.3.3 | 6.3.3 |
| linux | linux_kernel | >= 6.4.4 < 6.4.12 | 6.4.12 |
| sap | businessobjects_business_intelligence_platform | | |
| sap | businessobjects_business_intelligence_platform | | |

CVSS provenance

nvd v3.1 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cisa 7.2 HIGH