CVE-2019-0335 is a vulnerability in SAP Businessobjects Business Intelligence
Published on August 14, 2019
Under certain conditions SAP BusinessObjects Business Intelligence Platform (Central Management Console), versions 4.1, 4.2, 4.3, allows an attacker to store a malicious payload within the description field of a user account. The payload is triggered when the mouse cursor is moved over the description field in the list, when generating the little yellow informational pop up box, resulting in Stored Cross Site Scripting Attack.
Products Associated with CVE-2019-0335
Want to know whenever a new CVE is published for SAP Businessobjects Business Intelligence? stack.watch will email you.
Affected Versions
SAP SE SAP BusinessObjects Business Intelligence Platform (CMC):- Version < 4.1 is affected.
- Version < 4.2 is affected.
- Version < 4.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.