Security Advisory

CVE-2023-23856

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-02-14 03:15:05

Last updated 2025-03-20 17:55:57

Assigner sap

State PUBLISHED

Description

In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation an attacker can cause a low impact on integrity of the application.

← Browse all CVEs View on cve.org ↗