CVE-2021-21447 Information

Description

SAP BusinessObjects Business Intelligence platform, versions 410 and 420, allows an authenticated attacker to inject a malicious JavaScript payload into the custom value input field of an Input Control. The payload can be executed by a user who views the relevant application content, which leads to Stored Cross-Site Scripting.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476

https://launchpad.support.sap.com/#/notes/2965154

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

5.4

Base Severity

MEDIUM
