CVE-2019-0375

Name of the Vulnerable Software and Affected Versions SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) versions prior to 4.2 and 4.3

Description The issue is related to insufficient encoding of user-controlled inputs in the Web Intelligence HTML interface, allowing the execution of scripts in the export dialog box of the report name. This results in reflected Cross-Site Scripting, which can be exploited by a remote attacker to perform cross-site scripting attacks.

Recommendations For versions prior to 4.2 and 4.3, update to version 4.2 or 4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the export dialog box of the report name to minimize the risk of exploitation.