PT-2019-5657 · Sap · Sap Businessobjects Business Intelligence Platform

Published: 2019-08-13 · Updated: 2019-08-22 · CVE-2019-0334

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence Platform (BI Workspace) versions 4.1 through 4.3

Description: The issue allows a malicious script to be stored in a module. When the script is executed later, it may enable a user to escalate privileges via session hijacking. Because this is Stored Cross-Site Scripting, it could also lead to access to other sensitive information. The vulnerability exists due to inadequate protection of the web page structure, which may allow a remote attacker to elevate privileges or disclose protected information.

Recommendations: For versions 4.1 through 4.3, consider disabling the module creation feature in BI Workspace until a patch is available to prevent the storage and execution of malicious scripts. Restrict access to sensitive information and monitor user sessions for potential hijacking attempts.

Fix

XSS


Weakness Enumeration

Related Identifiers

BDU:2020-04841
CVE-2019-0334

Affected Products

Sap Businessobjects Business Intelligence Platform