CVE-2019-0374

Name of the Vulnerable Software and Affected Versions SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) versions prior to 4.2 and 4.3

Description The issue is related to insufficient encoding of user-controlled inputs in the Web Intelligence HTML interface, allowing the execution of scripts in the chart title. This results in reflected Cross-Site Scripting, which can be exploited by a remote attacker to perform cross-site scripting attacks.

Recommendations For versions prior to 4.2 and 4.3, consider disabling the chart title feature in the Web Intelligence HTML interface until a patch is available. Restrict access to the Web Intelligence HTML interface to minimize the risk of exploitation. Avoid using user-controlled inputs in the chart title until the issue is resolved.