CVE-2025-0060

Published Jan 14, 2025

Last updated a month ago

CVSS medium 6.5

Overview

Description
SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information from the server and send it to the attacker. The attacker could further use this information to impersonate as a high privileged user causing high impact on confidentiality and integrity of the application.
Source
cna@sap.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.5
Impact score
5.2
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Severity
MEDIUM

Weaknesses

cna@sap.com
CWE-94

Social media

Hype score
Not currently trending

  1. CVE-2025-0060 SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information … https://t.co/4eWIIAXrYP

    @CVEnew

    14 Jan 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References