CVE-2019-0303

Name of the Vulnerable Software and Affected Versions SAP BusinessObjects Business Intelligence Platform versions 4.2, 4.3

Description The issue exists due to the lack of neutralization of special elements in the BILogon/appService.jsp module. This could allow a remote attacker to execute arbitrary code. The module reflects the requested parameter errMsg into response content without proper sanitation, potentially enabling an attacker to build a special URL that executes custom JavaScript code when accessed.

Recommendations For versions 4.2 and 4.3, consider disabling the BILogon/appService.jsp module until a patch is available to prevent potential exploitation. Restrict access to the module to minimize the risk of arbitrary code execution. Avoid using the errMsg parameter in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.