CyberSec.Space Logo
Back to CVE Browser

CVE-2021-42061

MEDIUM
5.4
CVSS Severity Score
EPSS Score0.1690%
EPSS Percentile42.98th
PublishedDec 14, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This allows a low privileged attacker to retrieve some data from the victim but will never be able to modify the document and publish these modifications to the server. It impacts the "Quick Prompt" workflow.

Affected Platforms (CPE)

πŸ“¦
Sap

Businessobjects Business Intelligence Platform

= 420

References & Advisories

πŸ”— https://launchpad.support.sap.com/#/notes/3103677
πŸ”— https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021
πŸ”— https://launchpad.support.sap.com/#/notes/3103677
πŸ”— https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021

Related Vulnerabilities

CVE-2019-03988.8

Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions ...

CVE-2019-02688.1

SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an X...

CVE-2019-02877.6

Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, all...

CVE-2021-405007.5

SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to ex...