Volerion logoVolerion
Volerion logoVolerion

SAP BusinessObjects Business Intelligence Platform HTML Injection Vulnerability in Web Intelligence

Vulnerability

A vulnerability allowing HTML injection has been identified in SAP BusinessObjects Business Intelligence Platform, specifically in the Web Intelligence component. This issue allows an attacker with basic user privileges to inject malicious code into certain input fields. The injected code could be used to execute unintended actions, such as redirecting users to attacker-controlled websites. While this vulnerability primarily impacts the integrity of the application, it does not affect its confidentiality or availability.

Impact

Exploitation of this vulnerability could lead to unauthorized HTML injection, allowing for potential manipulation of application behavior or integrity.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, specifically during the monthly SAP Security Patch Day.

Added: Jul 8, 2025, 2:06 AM
Updated: Jul 8, 2025, 2:06 AM

Vulnerability Rating

Custom Algorithm
spread
5.0
impact
1.0
exploitability
5.0
remediation
0.0
relevance
0.2
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.