CVE-2021-33679
Published on: 09/14/2021 12:00:00 AM UTC
Last Modified on: 09/24/2021 01:55:00 PM UTC
Certain versions of Businessobjects Business Intelligence Platform from Sap contain the following vulnerability:
The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. When another user visits that page, the stored malicious script will execute in their session, hence allowing the attacker to compromise their confidentiality and integrity.
- CVE-2021-33679 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
- Affected Vendor/Software:
SAP SE - SAP BusinessObjects Business Intelligence Platform (BI Workspace) version 420
CVSS3 Score: 5.4 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | LOW | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
CHANGED | LOW | LOW | NONE |
CVSS2 Score: 3.5 - LOW
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | SINGLE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | PARTIAL | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
No Description Provided | launchpad.support.sap.com text/html |
![]() |
SAP Security Patch Day – September 2021 - Product Security Response at SAP - Community Wiki | wiki.scn.sap.com text/html |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Sap | Businessobjects Business Intelligence Platform | 420 | All | All | All |
- cpe:2.3:a:sap:businessobjects_business_intelligence_platform:420:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2021-33679 : The #SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the… twitter.com/i/web/status/1… | 2021-09-14 12:06:49 |