SAP BusinessObjects Business Intelligence Platform Web Intelligence Endpoint Security Vulnerability

A security vulnerability exists in SAP BusinessObjects Business Intelligence Platform, specifically within the Web Intelligence component. The issue arises from a deprecated web application endpoint that lacks proper security measures. This vulnerability allows an attacker to inject a malicious URL into the data returned to the user. If successfully exploited, it could lead to a limited impact on confidentiality and integrity within the victim's browser, although there is no effect on availability.

Impact

Exploitation of this vulnerability could result in unauthorized injection of URLs, potentially compromising the confidentiality and integrity of data within the user's browser.

Remediation

Users are advised to review and implement the SAP Security Note related to this vulnerability, available through the SAP Security Patch Day Bulletin. Instructions for accessing SAP Security Notes can be found on the SAP Security Notes FAQs page.