CVE-2025-0060
6.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Summary
SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information from the server and send it to the attacker. The attacker could further use this information to impersonate as a high privileged user causing high impact on confidentiality and integrity of the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP BusinessObjects Business Intelligence Platform | ENTERPRISE 420 | affected |
| SAP_SE | SAP BusinessObjects Business Intelligence Platform | 430 | affected |
| SAP_SE | SAP BusinessObjects Business Intelligence Platform | 2025 | affected |
Weaknesses
- CWE-94: CWE-94: Improper Control of Generation of Code
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.