SAP BusinessObjects Platform Cross-Site Scripting Vulnerability in BI Launchpad
Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in SAP BusinessObjects Platform, specifically within the BI Launchpad component. This issue arises because the application does not adequately sanitize user input, allowing an unauthenticated attacker to create a URL that includes a malicious script embedded in an unprotected parameter. When a user clicks on the link, the script is executed in their browser, potentially enabling the attacker to access or modify information related to the web client, without impacting the application's availability.
Impact
Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.
Remediation
Users are advised to consult the SAP Security Notes and implement the recommended patches. SAP Security Notes can be accessed through the SAP for Me platform.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.