What is the severity of CVE-2023-42476?

CVE-2023-42476 has been rated as a high-severity vulnerability due to the potential for JavaScript injection and execution in users' browsers.

How do I fix CVE-2023-42476?

To mitigate CVE-2023-42476, update to the latest version of SAP BusinessObjects Web Intelligence and apply any available security patches.

What type of attack is associated with CVE-2023-42476?

CVE-2023-42476 allows authenticated attackers to perform Cross-Site Scripting (XSS) by injecting malicious JavaScript into Web Intelligence documents.

What can happen if CVE-2023-42476 is exploited?

Successful exploitation of CVE-2023-42476 can lead to unauthorized access to sensitive information and session hijacking through malicious code execution.

Vulnerability/
CVE-2023-42476

medium

6.8

CWE

12/12/2023

2/8/2024

CVE-2023-42476: Cross Site Scripting vulnerability in SAP BusinessObjects Web Intelligence

First published: Tue Dec 12 2023(Updated: )

SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that the user has access to. In the worst case, attacker could access data from reporting databases.

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
SAP BusinessObjects Web Intelligence	=420

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-42476?
CVE-2023-42476 has been rated as a high-severity vulnerability due to the potential for JavaScript injection and execution in users' browsers.
How do I fix CVE-2023-42476?
To mitigate CVE-2023-42476, update to the latest version of SAP BusinessObjects Web Intelligence and apply any available security patches.
What type of attack is associated with CVE-2023-42476?
CVE-2023-42476 allows authenticated attackers to perform Cross-Site Scripting (XSS) by injecting malicious JavaScript into Web Intelligence documents.
Who is affected by CVE-2023-42476?
CVE-2023-42476 affects users of SAP BusinessObjects Web Intelligence version 420 who access vulnerable documents.
What can happen if CVE-2023-42476 is exploited?
Successful exploitation of CVE-2023-42476 can lead to unauthorized access to sensitive information and session hijacking through malicious code execution.

collector/nvd-api
agent/references
agent/event
agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/title
agent/last-modified-date
agent/weakness
agent/author
agent/severity
agent/tags
agent/description
agent/source
vendor/sap
canonical/sap businessobjects web intelligence
version/sap businessobjects web intelligence/420

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.