When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via session hijacking. The attacker could also access other sensitive information, leading to Stored Cross Site Scripting.

Published : 2019-08-14 14:15 Updated : 2019-08-22 19:47

CVSS Score More info
Score 4.9 / 10
Vendor Product Version URI
Sap Businessobjects Business Intelligence 4.1 cpe:/a:sap:businessobjects_business_intelligence:4.1
Sap Businessobjects Business Intelligence 4.2 cpe:/a:sap:businessobjects_business_intelligence:4.2
Sap Businessobjects Business Intelligence 4.3 cpe:/a:sap:businessobjects_business_intelligence:4.3
  1. Sap (1) Search CVE
    1. Businessobjects Business Intelligence (3) Search CVE
      1. 4.1
      2. 4.2
      3. 4.3


ID Name Description Links
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. CVE

History of changes

Date Event
2019-08-22 19:47
2019-08-14 15:00