CVE-2023-0018

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 10-01-2023 05:15

Last modified: - 13-01-2023 07:19

Total changes: - 2

Description

Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges can modify/upload crystal reports containing a malicious payload. Once these reports are viewable, anyone who opens those reports would be susceptible to stored XSS attacks. As a result of the attack, information maintained in the victim's web browser can be read, modified, and sent to the attacker.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

Low

Confidentiality

Low

Integrity

None

Privileges required

Changed

Scope

Required

User interaction

6.1

Base score

2.8

2.7

Exploitability score

Impact score

Verification logic

Reference

Keywords

CVE-2023-0018

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2023-0018

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures