cvedb.io
CVE-2023-0015
MEDIUM · CVSS 4.6
EPSS exploitation probability: 0%
Published 2023-01-10T04:15:09.680 · Last modified 2026-06-17T05:24:35.927

Summary

In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface), version 420, some calls return JSON with the wrong content type in the response header. As a result, a custom application that directly calls the JSP of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation, an attacker can cause limited impact on the confidentiality and integrity of the application.

Affected products

sap — business_objects_business_intelligence_platform

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.