CVE-2020-6300

Description

SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with administrator rights can use the web application to send malicious code to a different end user (victim), as it does not sufficiently encode user-controlled inputs for RecycleBin, resulting in Stored Cross-Site Scripting (XSS) vulnerability.

Risk Information

Base Score

4.8

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS Score

Exploitation Probability

0.237

Associated Vulnerability

Vulnerability	OS Platform
Multiple Vulnerabilities are affected in SAP Business Objects Business Intelligence Platform 4.2	Windows
Multiple Vulnerabilities are affected in SAP Business Objects Business Intelligence Platform 4.3	Windows
Multiple Vulnerabilities are affected in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) 4.2	Windows
Multiple Vulnerabilities are affected in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) 4.3	Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234