SAP BusinessObjects Business Intelligence Workspace Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in SAP BusinessObjects Business Intelligence (BI Workspace). This issue allows an unauthenticated attacker to inject malicious scripts into a workspace. When a victim accesses the workspace, the injected script executes in their browser. This execution could enable the attacker to access sensitive session information, alter browser data, or disrupt the availability of browser information. The vulnerability impacts confidentiality significantly, while integrity and availability are affected to a lesser degree.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user accessing the workspace.

Remediation

Users are advised to review and implement the SAP Security Note related to this vulnerability, available through the SAP for Me platform. This vulnerability will also be addressed in the upcoming SAP Security Patch Day.