Stored Cross Site Scripting and Privilege Escalation via Session Hijacking in SAP BusinessObjects Business Intelligence Platform

Stored Cross Site Scripting and Privilege Escalation via Session Hijacking in SAP BusinessObjects Business Intelligence Platform

CVE-2019-0334 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:N

When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via session hijacking. The attacker could also access other sensitive information, leading to Stored Cross Site Scripting.

Learn more about our Cis Benchmark Audit For Google Workspace.