← volver
CVE-2025-0060

Multiple vulnerabilities in SAP BusinessObjects Business Intelligence Platform

CVSS 6.5 MEDIUMEPSS 0.4%CWE-94
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.5EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
14 ene 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information from the server and send it to the attacker. The attacker could further use this information to impersonate as a high privileged user causing high impact on confidentiality and integrity of the application.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Productos afectados
SAP_SE · SAP BusinessObjects Business Intelligence Platform

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://me.sap.com/notes/3474398https://url.sap/sapsecuritypatchday