CVE-2020-6222

Name of the Vulnerable Software and Affected Versions SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) versions 4.1, 4.2

Description The issue is related to insufficient encoding of user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. This means that an attacker could potentially inject malicious scripts into the website, which would then be executed by the user's browser.

Recommendations For versions 4.1 and 4.2, ensure that all user-controlled inputs are properly encoded to prevent XSS attacks. As a temporary workaround, consider restricting access to the Web Intelligence HTML interface until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.