PT-2019-5676 · Sap · Sap Businessobjects Business Intelligence Platform

Published: 2019-08-13 · Updated: 2019-08-19 · CVE-2019-0332

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SAP BusinessObjects Business Intelligence Platform (Info View) versions 4.1, 4.2, 4.3

Description

The issue allows an attacker to inject a malicious payload as a keyword in the search function; the payload is then executed during the search action, resulting in Cross-Site Scripting (XSS). The cause is inadequate protection of the web page structure, which enables a remote attacker to perform XSS attacks.

Recommendations

For versions 4.1, 4.2, 4.3, consider restricting the input for the search function to prevent malicious payload injection until a patch is available. As a temporary workaround, restrict access to the search functionality in the SAP BusinessObjects Business Intelligence Platform to minimize the risk of exploitation.

Fix

XSS


Weakness Enumeration

Related Identifiers

BDU:2020-04976
CVE-2019-0332

Affected Products

Sap Businessobjects Business Intelligence Platform