CVE-2021-21447
CVE-2021-21447
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.4EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
12 ene 2021Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by User who views the relevant application content, which leads to Stored Cross-Site Scripting.
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Productos afectados
SAP SE · SAP BusinessObjects Business Intelligence platform (Web Intelligence HTML interface)¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →