Symptom
- An HTML5 cross-origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy is fine-grained and can apply access controls per-request based on the URL and other features of the request.
- 2 instances identified at locations:
  /BOE/portal/2311081201/FioriBI/sap/dfa/help/webassistant/catalogue
  /BOE/portal/2311081201/FioriBI/sap/dfa/help/webassistant/context
- Security tools may report the below Web Assistant catalogue URL in BI Launchpad as disclosing version data in JSON and as a possible Broken Access Control risk:
- /BOE/portal/nnnnnnnFioriBI/sap/dfa/help/webassistant/catalogue................
Environment
SAP BusinessObjects Business Intelligence (BI) Platform 4.x
Product
SAP BusinessObjects Business Intelligence platform 4.2; SAP BusinessObjects Business Intelligence platform 4.3
Keywords
CORS, Web Assistant, CVE-2022-21817, broken access control, KBA, BI-BIP-SEC, Security Vulnerabilities in SAP BusinessObjects, Known Error
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).