Home

CVE-2020-6221

Description

Web Intelligence HTML interface in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

Risk Information

Base Score
5.4
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.248

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in SAP Business Objects Business Intelligence Platform 4.1Windows
Multiple Vulnerabilities are affected in SAP Business Objects Business Intelligence Platform 4.2Windows
Multiple Vulnerabilities are affected in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) 4.1Windows
Multiple Vulnerabilities are affected in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) 4.2Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234