Unrated severityNVD Advisory· Published Dec 12, 2023· Updated Aug 2, 2024

Cross Site Scripting vulnerability in SAP BusinessObjects Web Intelligence

CVE-2023-42476

Description

SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that the user has access to. In the worst case, attacker could access data from reporting databases.

Affected products

SAP/BusinessObjects Business Intelligencellm-fuzzy
Range: = 420
SAP/Sap Businessobjects Business Intelligence (bi Workspace)cpe-rescue
Range: 420

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

me.sap.com/notes/3382353mitre
www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000