admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-09-17 18:45:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2025/CVE-2025-248xx/CVE-2025-24867.json
cad-safe-bot 03e4a37847 Auto-Update: 2025-02-16T03:00:21.640882+00:00
2025-02-16 03:03:51 +00:00

64 lines
2.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2025-24867",
"sourceIdentifier": "cna@sap.com",
"published": "2025-02-11T01:15:10.847",
"lastModified": "2025-02-11T01:15:10.847",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP BusinessObjects Platform (BI Launchpad) does not sufficiently handle user input, resulting in Cross-Site Scripting (XSS) vulnerability. The application allows an unauthenticated attacker to craft a URL that embeds a malicious script within an unprotected parameter. When a victim clicks the link, the script will be executed in the browser, giving the attacker the ability to access and/or modify information related to the web client with no effect on availability."
},
{
"lang": "es",
"value": "SAP BusinessObjects Platform (BI Launchpad) no gestiona adecuadamente la entrada del usuario, lo que da lugar a una vulnerabilidad de tipo Cross-Site Scripting (XSS). La aplicaci\u00f3n permite a un atacante no autenticado manipular una URL que incorpora un script malicioso dentro de un par\u00e1metro desprotegido. Cuando una v\u00edctima hace clic en el enlace, el script se ejecuta en el navegador, lo que le da al atacante la capacidad de acceder y/o modificar informaci\u00f3n relacionada con el cliente web sin afectar la disponibilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3445708",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink