← voltar
CVE-2025-0062

Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)

CVSS 4.7 MEDIUMEPSS 0.3%CWE-79
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.7EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
11 mar 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impact on confidentiality and integrity within the scope of victim�s browser. There is no impact on availability. This vulnerability occurs only when script/html execution is enabled by the administrator in Central Management Console.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Produtos afetados
SAP_SE · SAP BusinessObjects Business Intelligence Platform

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://me.sap.com/notes/3557459https://url.sap/sapsecuritypatchday