CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-42061

MEDIUM
5.4
CVSS Severity Score
EPSS Score0.1690%
EPSS Percentile42.98th
Published2021年12月14日
Last Modified2024年11月21日

Vulnerability Description

SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This allows a low privileged attacker to retrieve some data from the victim but will never be able to modify the document and publish these modifications to the server. It impacts the "Quick Prompt" workflow.

Affected Platforms (CPE)

📦
Sap

Businessobjects Business Intelligence Platform

= 420

References & Advisories

🔗 https://launchpad.support.sap.com/#/notes/3103677
🔗 https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021
🔗 https://launchpad.support.sap.com/#/notes/3103677
🔗 https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021

相关漏洞威胁

CVE-2019-03988.8

Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions ...

CVE-2019-02688.1

SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an X...

CVE-2019-02877.6

Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, all...

CVE-2021-405007.5

SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to ex...