CVE-2023-42478

SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.7 / Impact : 5.3

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://me.sap.com/notes/3382353	Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory
https://me.sap.com/notes/3382353	Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:business_objects_business_intelligence_platform:420:::::::*
	cpe:2.3:a:sap:business_objects_business_intelligence_platform:430:::::::*

History

No history.

Information

Published : 2023-12-12 01:15

Updated : 2024-11-21 08:22

NVD link : CVE-2023-42478

Mitre link : CVE-2023-42478

CVE.ORG link : CVE-2023-42478

JSON object : View

Products Affected

sap

business_objects_business_intelligence_platform

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2023-42478", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 5.3, "exploitabilityScore": 1.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 2.3}]}, "published": "2023-12-12T01:15:10.627", "references": [{"url": "https://me.sap.com/notes/3382353", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://me.sap.com/notes/3382353", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "SAP Business Objects\u00a0Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application.\n\n"}, {"lang": "es", "value": "SAP Business Objects Business Intelligence Platform es vulnerable al XSS almacenado, lo que permite a un atacante cargar documentos independientes en el sistema que, cuando los abre cualquier otro usuario, podr\u00edan tener un alto impacto en la integridad de la aplicaci\u00f3n."}], "lastModified": "2024-11-21T08:22:38.170", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:business_objects_business_intelligence_platform:420:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F7F8064-45BC-4A01-897A-0A2893BBBEC0"}, {"criteria": "cpe:2.3:a:sap:business_objects_business_intelligence_platform:430:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EB0EFA3-8AD2-42F2-86E1-A62ECF8340E3"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}