QwikSec

Security Database

CVE

CWE

Training

CVE-2021-42061

Published: Dec 14, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This allows a low privileged attacker to retrieve some data from the victim but will never be able to modify the document and publish these modifications to the server. It impacts the "Quick Prompt" workflow.

Vendor	Product	Versions
SAP SE	SAP BusinessObjects Business Intelligence Platform	affected `< 420`

Weaknesses (CWE)

References

https://launchpad.support.sap.com/#/notes/3103677

x_refsource_MISC

https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.