SAP BusinessObjects Business Intelligence Platform Cross-Site Scripting Vulnerability Allowing Data Theft and Impersonation

Vulnerability

A cross-site scripting vulnerability has been identified in SAP BusinessObjects Business Intelligence Platform. This issue allows an authenticated user with limited access to inject malicious JavaScript that can read sensitive information from the server and send it to the attacker. The attacker could then use this information to impersonate a high-privileged user, significantly impacting the application's confidentiality and integrity.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, allowing an attacker to impersonate a high-privileged user within the application.

Remediation

Users are advised to review and implement the SAP Security Note related to this vulnerability. The note can be accessed through the SAP for Me platform, in line with the monthly SAP Security Patch Day.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 5.4
exploitability: 5.0
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.