CVE-2019-0303

{"id": "CVE-2019-0303", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2019-06-14T19:29:00.277", "references": [{"url": "https://launchpad.support.sap.com/#/notes/2637997", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without sanitation. This could be used by an attacker to build a special url that execute custom JavaScript code when the url is accessed."}, {"lang": "es", "value": "Business Intelligence Platform (Consola de administraci\u00f3n) de SAP BusinessObjects, versiones 4.2, 4.3, m\u00f3dulo BILogon/appService.jsp est\u00e1 reflejando el par\u00e1metro errMsg solicitado en el contenido de la respuesta sin saneamiento. Este podr\u00eda ser utilizado por un atacante para crear una URL especial que ejecute c\u00f3digo JavaScript personalizado cuando la URL sea accedida."}], "lastModified": "2019-06-18T18:53:10.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:businessobjects:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B4BCC2-3F12-4A66-AF86-1C8C2B418B69"}, {"criteria": "cpe:2.3:a:sap:businessobjects:4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7445C0BF-43DD-4A04-83AF-2DDB7C393333"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}