CVE-2019-0335

Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence Platform (Central Management Console) versions 4.1, 4.2, 4.3

Description: The issue allows an attacker to store a malicious payload within the description field of a user account. This payload is triggered when the mouse cursor is moved over the description field, resulting in a Stored Cross Site Scripting Attack when generating the informational pop-up box.

Recommendations: For versions 4.1, 4.2, 4.3, consider restricting access to the user account description field to minimize the risk of exploitation. As a temporary workaround, avoid using the description field in user accounts until a fix is available. Restrict the generation of informational pop-up boxes for user account descriptions to prevent the triggering of malicious payloads. At the moment, there is no information about a newer version that contains a fix for this vulnerability.