PT-2019-4306 · SAP · SAP BusinessObjects Business Intelligence Platform

Published: 2019-10-08 · Updated: 2019-10-10 · CVE-2019-0376

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

SAP BusinessObjects Business Intelligence Platform versions prior to 4.2 and 4.3

Description

The issue is related to the lack of input sanitization in the Web Intelligence HTML interface of the SAP BusinessObjects Business Intelligence platform. This can be exploited by a remote attacker to perform cross-site scripting attacks. Specifically, it allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in Stored Cross-Site Scripting.

Recommendations

For versions prior to 4.2 and 4.3, update to a version that includes the necessary encoding of user-controlled inputs to prevent the execution of malicious scripts.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2020-00021
CVE-2019-0376

Affected Products

SAP BusinessObjects Business Intelligence Platform