PT-2022-18881 · SAP · SAP BusinessObjects Business Intelligence Platform

Published: 2022-04-12 · Updated: 2022-04-20 · CVE-2022-28216

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SAP BusinessObjects Business Intelligence Platform (BI Workspace) version 420

Description

The issue is a Cross-Site Scripting (XSS) vulnerability that an unauthenticated attacker can exploit over the network because user input is not properly sanitized. On successful exploitation, an attacker can access certain reports, causing a limited impact on the confidentiality of the application data.

Recommendations

For SAP BusinessObjects Business Intelligence Platform (BI Workspace) version 420, update to a version that properly sanitizes user input to prevent Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to sensitive reports and implementing additional input validation measures to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-28216

Affected Products

SAP BusinessObjects Business Intelligence Platform