PT-2023-28362 · SAP · SAP Business Objects Web Intelligence

Published: 2023-12-11 · Updated: 2023-12-14 · CVE-2023-42476

CVSS v3.1: 6.8 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SAP Business Objects Web Intelligence version 420

Description

The issue allows an authenticated attacker to inject JavaScript code into Web Intelligence documents, which is then executed in the victim's browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that the user has access to. In the worst case, the attacker could access data from reporting databases.

Recommendations

For SAP Business Objects Web Intelligence version 420, update to a version that includes a fix for this issue to prevent JavaScript code injection and potential data exposure. As a temporary workaround, consider restricting access to Web Intelligence documents to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-42476

Affected Products

SAP Business Objects Web Intelligence