SAP BusinessObjects Enterprise Stored Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting vulnerability has been identified in SAP BusinessObjects Enterprise. The issue arises because the application does not properly encode user-controlled inputs, allowing an admin user to inject malicious JavaScript into a website. This injected script is executed when a user visits the compromised page. The vulnerability has a low impact on data confidentiality and integrity, with no effect on application availability.
Impact
Successful exploitation results in stored cross-site scripting: the injected scripts are executed in the context of the user visiting the affected page.
Remediation
Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform, where a complete list of security notes is available. It is recommended to implement these security corrections as a priority.
