Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-42476
CVE-2023-42476:
SAP BusinessObjects Web Intelligence vulnerability analysis and mitigation
Overview
SAP Business Objects Web Intelligence version 420 contains a cross-site scripting vulnerability (CVE-2023-42476) that was disclosed on December 11, 2023. The vulnerability allows an authenticated attacker to inject JavaScript code into Web Intelligence documents, which is then executed in the victim's browser when the vulnerable page is visited (NVD).
Technical details
The vulnerability is classified as a cross-site scripting (CWE-79) issue with a CVSS v3.1 base score of 6.8 (Medium). The attack vector is network-based (AV:N), with low attack complexity (AC:L), requires low privileges (PR:L), user interaction (UI:R), and has a changed scope (S:C). The vulnerability primarily impacts confidentiality (C:H) with no direct effects on integrity (I:N) or availability (A:N) (NVD).
Impact
Successful exploitation of this vulnerability can lead to exposure of data that the user has access to. In the worst-case scenario, an attacker could potentially access data from reporting databases (NVD).
Additional resources
Source: This report was generated using AI
Related SAP BusinessObjects Web Intelligence vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management