CVE-2019-0334

{"id": "CVE-2019-0334", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2019-08-14T14:15:15.713", "references": [{"url": "https://launchpad.support.sap.com/#/notes/2771221", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://launchpad.support.sap.com/#/notes/2771221", "tags": ["Permissions Required", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via session hijacking. The attacker could also access other sensitive information, leading to Stored Cross Site Scripting."}, {"lang": "es", "value": "Cuando se crea un m\u00f3dulo en SAP BusinessObjects Business Intelligence Platform (BI Workspace), versiones 4.1, 4.2, 4.3, es posible almacenar un script malicioso que cuando es ejecutado m\u00e1s tarde podr\u00eda permitir a un usuario escalar privilegios por medio de un secuestro de sesi\u00f3n. El atacante tambi\u00e9n podr\u00eda acceder a otra informaci\u00f3n confidencial, conllevando a un ataque de tipo Cross Site Scripting Almacenado."}], "lastModified": "2024-11-21T04:16:42.163", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "321A6FA2-0182-4C03-B367-80D2CE064493"}, {"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAD665A3-D351-4BDE-819F-C296F484F926"}, {"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence:4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "332B91C8-BE8B-4D64-AE82-04FAA946CE83"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}