VDB

CVE-2021-33679

CVE-2021-33679 PUBLISHED CVSS 5.400000095367432 MEDIUM

The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. When another user visits that page, the stored malicious script will execute in their session, hence allowing the attacker to compromise their confidentiality and integrity.

EPSS 0.16% · 37.0th percentile

Risk Scores

CVSS v3.0
5.400000095367432
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.16%
37.0th percentile

Affected Products

VendorProductVersions
SAP SESAP BusinessObjects Business Intelligence Platform (BI Workspace)< 420
sapbusinessobjects_business_intelligence_platform420

Timeline

  • Sep 14, 2021 CVE Published
  • Sep 15, 2021 EPSS Score
  • Nov 11, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Jan 7, 2022 EPSS Score
  • Mar 5, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jun 26, 2022 EPSS Score
  • Aug 23, 2022 EPSS Score
  • Oct 19, 2022 EPSS Score
  • Dec 15, 2022 EPSS Score
  • Feb 10, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›