CVE-2023-31406 — Cross-site Scripting in SE SAP Businessobjects Business Intelligence Platform

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.4%

top 42.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Businessobjects Business Intelligence Platform SAP Businessobjects Business Intelligence

Timeline

PublishedMay 9

Description

Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5sap_se/sap_businessobjects_business_intelligence_platform420, 430+1

▶NVDsap/businessobjects_business_intelligence420, 430+1

🔴Vulnerability Details

CVEList

Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform↗2023-05-09

▶

GHSA

GHSA-5j5c-v3ff-gmqc: Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to re↗2023-05-09

▶