Skip to main content

Businessobjects Business Intelligence CVE-2021-21444

MEDIUM
Improper Restriction of Rendered UI Layers or Frames (CWE-1021)
2021-02-09 cna@sap.com
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 09, 2021 - 21:15 nvd
MEDIUM 6.1

DescriptionNVD

SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. This could, as a result, nullify the added X-Frame-Options header leading to Clickjacking attack.

AnalysisAI

SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-1021. SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. This could, as a result, nullify the added X-Frame-Options header leading to Clickjacking attack. Affected products include: Sap Businessobjects Business Intelligence.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-40622 CRITICAL
9.9 Sep 12

SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition a

CVE-2023-28765 CRITICAL
9.8 Apr 11

An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - version

CVE-2018-2445 CRITICAL
9.6 Aug 14

AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnera

CVE-2023-37490 CRITICAL
9.0 Aug 08

SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an

CVE-2022-41203 HIGH
8.8 Nov 08

In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated atta

CVE-2018-2442 HIGH
8.8 Aug 14

In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI

CVE-2018-2427 HIGH
8.8 Jul 10

SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Stu

CVE-2025-23192 HIGH
8.2 Jun 10

Stored Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects BI Workspace that allows unauthenticated attacker

CVE-2022-32245 HIGH
8.2 Aug 10

SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attack

CVE-2019-0268 HIGH
8.1 Mar 12

SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently val

CVE-2022-28214 HIGH
7.8 May 11

During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication

CVE-2023-30740 HIGH
7.6 May 09

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensi

Share

CVE-2021-21444 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy