PT-2023-15949 · SAP · SAP BusinessObjects Business Intelligence Platform

Published: 2023-01-10 · Updated: 2023-01-13 · CVE-2023-0015

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence Platform version 420

Description: Certain calls return JSON with an incorrect Content-Type header in the response. A custom application that directly calls the JSP of Web Intelligence DHTML can therefore be exposed to XSS attacks, because the browser may interpret the JSON as HTML. Successful exploitation has a limited impact on the confidentiality and integrity of the application.

Recommendations: For version 420, update the software to a version that correctly sets the Content-Type in the response header to prevent XSS attacks. As a temporary workaround, consider restricting direct access to the JSP of Web Intelligence DHTML to minimize the risk of exploitation.
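As an added example (not code from the advisory, SAP or Positive Technologies), the following Python audit checks a captured HTTP response for the bug class described above: a JSON body served with a non-JSON Content-Type, which a browser opening the call directly may render as a document. The sample responses and the hardened-response helper are constructed for this example; the checks it performs are the ones a fix for this advisory would have to satisfy.

```python
"""Audit an HTTP response for JSON served under the wrong Content-Type.

Added example: sample responses below are constructed, not captured
from any SAP BusinessObjects system.
"""
import json
from typing import Dict, List, Tuple

# Media types under which a JSON body is safe from being rendered as HTML.
JSON_TYPES = {"application/json", "application/problem+json"}


def audit_response(headers: Dict[str, str], body: bytes) -> List[str]:
    """Return a list of findings for one response; an empty list means OK."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings: List[str] = []

    # Decide from the body itself whether this is JSON, ignoring what the header claims.
    try:
        json.loads(body.decode("utf-8"))
        body_is_json = True
    except (UnicodeDecodeError, ValueError):
        body_is_json = False

    ctype = h.get("content-type", "")
    media = ctype.split(";", 1)[0].strip().lower()  # drop parameters such as charset

    if body_is_json and media not in JSON_TYPES:
        findings.append(f"JSON body served as '{media or '<missing>'}' instead of application/json")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    if body_is_json and "charset" not in ctype.lower():
        findings.append("no charset declared for JSON response")
    return findings


def json_response(payload: dict) -> Tuple[Dict[str, str], bytes]:
    """Build a JSON response with the headers a corrected endpoint should send."""
    headers = {"Content-Type": "application/json; charset=utf-8",
               "X-Content-Type-Options": "nosniff"}
    return headers, json.dumps(payload).encode("utf-8")


# Constructed sample: a call that echoes a user-supplied string containing markup.
PAYLOAD = {"name": "<b>user-supplied value</b>"}
VULNERABLE = ({"Content-Type": "text/html"}, json.dumps(PAYLOAD).encode("utf-8"))
FIXED = json_response(PAYLOAD)

if __name__ == "__main__":
    for label, (hdrs, body) in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        print(label, audit_response(hdrs, body) or ["OK"])
```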

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2023-0015

Affected Products: SAP BusinessObjects Business Intelligence Platform