CVE-2019-0303 Information
Description
In SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2 and 4.3, the module BILogon/appService.jsp reflects the request parameter errMsg into the response content without sanitization. An attacker could use this to build a special URL that executes custom JavaScript code when the URL is accessed.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
https://launchpad.support.sap.com//notes/2637997
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
6.1
Base Severity
MEDIUM