Skip to main content

Businessobjects Business Intelligence CVE-2021-33697

MEDIUM
Use of Web Link to Untrusted Target with window.opener Access (CWE-1022)
2021-09-15 cna@sap.com
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 15, 2021 - 19:15 nvd
MEDIUM 6.1

DescriptionNVD

Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

AnalysisAI

Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-1022. Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. Affected products include: Sap Businessobjects Business Intelligence.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-40622 CRITICAL
9.9 Sep 12

SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition a

CVE-2023-28765 CRITICAL
9.8 Apr 11

An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - version

CVE-2018-2445 CRITICAL
9.6 Aug 14

AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnera

CVE-2023-37490 CRITICAL
9.0 Aug 08

SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an

CVE-2022-41203 HIGH
8.8 Nov 08

In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated atta

CVE-2018-2442 HIGH
8.8 Aug 14

In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI

CVE-2018-2427 HIGH
8.8 Jul 10

SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Stu

CVE-2025-23192 HIGH
8.2 Jun 10

Stored Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects BI Workspace that allows unauthenticated attacker

CVE-2022-32245 HIGH
8.2 Aug 10

SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attack

CVE-2019-0268 HIGH
8.1 Mar 12

SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently val

CVE-2022-28214 HIGH
7.8 May 11

During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication

CVE-2023-30740 HIGH
7.6 May 09

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensi

Share

CVE-2021-33697 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy