First published: Tue Mar 11 2025
SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impact on confidentiality and integrity within the scope of victim's browser. There is no impact on availability. This vulnerability occurs only when script/html execution is enabled by the administrator in Central Management Console.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
SAP BusinessObjects | | |
CVE-2025-0062 has a high severity rating due to the potential for JavaScript injection leading to code execution in the victim's browser.
To mitigate CVE-2025-0062, apply the latest security patches provided by SAP for the BusinessObjects Business Intelligence Platform.
CVE-2025-0062 affects certain versions of SAP BusinessObjects Business Intelligence Platform, but exact versions should be verified through SAP's security advisories.
CVE-2025-0062 facilitates Cross-Site Scripting (XSS) attacks by allowing injection of malicious JavaScript in reports.
Exploitation of CVE-2025-0062 could lead to unauthorized access to sensitive information and a compromised user session.