CVE-2019-0334

Summary

When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via session hijacking. The attacker could also access other sensitive information, leading to Stored Cross Site Scripting.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP BusinessObjects Business Intelligence Platform (BI Workspace)< 4.1affected
SAP SESAP BusinessObjects Business Intelligence Platform (BI Workspace)< 4.2affected
SAP SESAP BusinessObjects Business Intelligence Platform (BI Workspace)< 4.3affected

Weaknesses

  • Cross-Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References