SAP BO BI LaunchPad Unauth Script Execution via XSS
CVE-2022-39800 Published on October 11, 2022
SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2022-39800 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2022-39800
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-39800 are published in SAP Businessobjects Business Intelligence:
Affected Versions
SAP SE SAP BusinessObjects Business Intelligence Platform (BI LaunchPad):- Version < 420 is affected.
- Version < 430 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.