First published: Fri Jun 14 2019
In SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2 and 4.3, the module BILogon/appService.jsp reflects the requested parameter errMsg into the response content without sanitization. An attacker could use this to build a special URL that executes custom JavaScript code when the URL is accessed.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
SAP BusinessObjects | =4.2 | |
SAP BusinessObjects | =4.3 | |
The vulnerability ID is CVE-2019-0303.
The title of this vulnerability is 'SAP BusinessObjects Business Intelligence Platform (Administration Console) versions 4.2 4.3 module <module> reflects requested parameter errMsg into response content without sanitation.'
Versions 4.2 and 4.3 of SAP BusinessObjects are affected.
The severity of CVE-2019-0303 is medium with a severity score of 6.1.
An attacker can exploit this vulnerability by building a special URL that executes custom JavaScript code.
Yes, please refer to the SAP Notes and Wiki provided in the references section for information on available fixes.