← Volver a CVEs

CVE-2020-6312

MEDIUM

5.4

Descripcion

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page properties, can modify how a browser processes particular page elements, leading to stored Cross Site Scripting. In certain situations, when a user accesses an affected web page element, the attacker will be able to access or modify metadata for which they are not authorized.

Detalles CVE

Puntuacion CVSS v3.15.4

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioREQUIRED

Publicado9/9/2020

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

sap:businessobjects_business_intelligence_platform

Debilidades (CWE)

CWE-79

Referencias

https://launchpad.support.sap.com/#/notes/2930128(cna@sap.com)

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700(cna@sap.com)

https://launchpad.support.sap.com/#/notes/2930128(af854a3a-2127-422b-91ae-364da2661108)

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.