CVE-2025-0062 Information

Description

SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim’s browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impact on confidentiality and integrity within the scope of the victim’s browser. There is no impact on availability. This vulnerability occurs only when script/HTML execution is enabled by the administrator in the Central Management Console.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://me.sap.com/notes/3557459
https://url.sap/sapsecuritypatchday

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

4.7

Base Severity

MEDIUM
