CVE-2023-42478

HIGH

SAP Business Objects Business Intelligence Platform - Stored Cross-Site Scripting via Agnostic Document Upload

Title source: llm

Description

SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application.

References (2)

Core 2

Core References

Permissions Required

https://me.sap.com/notes/3382353

Vendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Scores

CVSS v3 7.5

EPSS 0.0005

EPSS Percentile 16.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L

Details

CWE

CWE-79

Status published

Products (2)

sap/business_objects_business_intelligence_platform 420

sap/business_objects_business_intelligence_platform 430

Published Dec 12, 2023

Tracked Since Feb 18, 2026