← back
CVE-2021-42061

CVE-2021-42061

EPSS 0.5%CWE-79
SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This allows a low privileged attacker to retrieve some data from the victim but will never be able to modify the document and publish these modifications to the server. It impacts the "Quick Prompt" workflow.
Affected products
SAP SE · SAP BusinessObjects Business Intelligence Platform

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://launchpad.support.sap.com/#/notes/3103677https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021