CVE-2023-23856
Published 2023-02-14
Medium, 5.4 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
In SAP BusinessObjects Business Intelligence (Web Intelligence user interface), version 430, some calls return JSON with the wrong content type in the response header. As a result, a custom application that directly calls the JSP of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation, an attacker can cause a low impact on the integrity of the application.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | business_objects_business_intelligence_platform | — | — |
| sap_se | sap_businessobjects_business_intelligence | — | — |