PT-2023-19257 · SAP · SAP BusinessObjects Business Intelligence

Published: 2023-02-14 · Updated: 2023-02-22 · CVE-2023-23856

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence version 430

Description: The issue affects the Web Intelligence user interface, where certain calls return JSON with an incorrect content type in the response header. This can make custom applications that directly call the Web Intelligence DHTML JSP vulnerable to XSS attacks. Successful exploitation can result in a low impact on the application's integrity.

Recommendations: For version 430, update the application to ensure correct content type headers are set in responses to prevent XSS attacks. As a temporary workaround, consider restricting access to the Web Intelligence DHTML JSP to minimize the risk of exploitation.
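The defect described here is a JSON body served under a content type that lets a browser render it as a document. A defender verifying a fix, or scanning an application that calls such endpoints, wants to check two response headers: that the media type is a JSON type, and that X-Content-Type-Options: nosniff is present so a browser cannot sniff its way to a different type. The following audit function is an added example, not code from the advisory or from SAP; the sample responses are constructed and do not reproduce any real Web Intelligence response.

```python
import json

# Constructed sample responses: (label, headers, body). None of these come
# from the affected product; they just illustrate the header combinations.
SAMPLE_RESPONSES = [
    ("mislabeled-json",
     {"Content-Type": "text/html; charset=utf-8"},
     '{"report": "<b>Quarterly summary</b>", "rows": 12}'),
    ("correct-json",
     {"Content-Type": "application/json; charset=utf-8",
      "X-Content-Type-Options": "nosniff"},
     '{"report": "<b>Quarterly summary</b>", "rows": 12}'),
    ("json-but-sniffable",
     {"content-type": "application/json"},
     '{"ok": true}'),
    ("plain-html-page",
     {"Content-Type": "text/html"},
     "<html><body>Not JSON at all</body></html>"),
]


def _header(headers, name):
    """Case-insensitive header lookup (HTTP header names are case-insensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def audit_json_response(headers, body):
    """Return a list of findings for a response whose body is JSON.

    Findings:
      json-body-with-content-type:<type>   body parses as JSON but the media
                                           type is not application/json or *+json
      missing-x-content-type-options-nosniff
                                           nosniff absent, so a browser may sniff
    Responses whose body is not JSON are out of scope and yield no findings.
    """
    findings = []
    try:
        json.loads(body)
    except (ValueError, TypeError):
        return findings

    content_type = _header(headers, "Content-Type") or ""
    media = content_type.split(";", 1)[0].strip().lower()
    if not (media == "application/json" or media.endswith("+json")):
        findings.append(f"json-body-with-content-type:{media or 'missing'}")

    xcto = (_header(headers, "X-Content-Type-Options") or "").strip().lower()
    if xcto != "nosniff":
        findings.append("missing-x-content-type-options-nosniff")
    return findings


def audit_all(samples):
    """Map each sample label to its findings; empty list means the headers are sound."""
    return {label: audit_json_response(headers, body)
            for label, headers, body in samples}


if __name__ == "__main__":
    for label, findings in audit_all(SAMPLE_RESPONSES).items():
        print(f"{label}: {findings or 'OK'}")
```

Only the combination of a JSON media type and nosniff clears the check; application/json alone still lets older sniffing behaviour in, and a `*+json` structured suffix such as `application/problem+json` is accepted as JSON. Pointing the same function at captured responses from a test instance, rather than the constructed samples, turns it into a quick regression check for the "correct content type headers" recommendation above.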

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2023-23856

Affected Products: SAP BusinessObjects Business Intelligence