CVE-2021-21447
5.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by User who views the relevant application content, which leads to Stored Cross-Site Scripting.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP BusinessObjects Business Intelligence platform (Web Intelligence HTML interface) | < 410 | affected |
| SAP SE | SAP BusinessObjects Business Intelligence platform (Web Intelligence HTML interface) | < 420 | affected |
Weaknesses
- Cross Site Scripting
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476
- https://launchpad.support.sap.com/#/notes/2965154
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476
- https://launchpad.support.sap.com/#/notes/2965154
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.