CRITICAL🇵🇱 Wersja polska

CVE-2023-0018

CVSS 10.0v3.1pub. 2023-01-10upd. 2024-11-21

Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges can modify/upload crystal reports containing a malicious payload. Once these reports are viewable, anyone who opens those reports would be susceptible to stored XSS attacks. As a result of the attack, information maintained in the victim's web browser can be read, modified, and sent to the attacker.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Sap Businessobjects Business Intelligence Platform

    APP
    Sap
    420430
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2023-0022CRITICAL9.9ten sam produkt

SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject...

CVE-2020-26831CRITICAL9.6ten sam produkt

SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate upl...

CVE-2020-6294CRITICAL9.1ten sam produkt

Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not pe...

CVE-2020-6242CRITICAL9.8ten sam produkt

SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, all...

CVE-2020-6195CRITICAL9.8ten sam produkt

SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the r...