This vulnerability is only triggerable if another Business Intelligence BI pack (next to the default) was created.
We found this vulnerability internally.
- 1.6.0 (probably older versions as well)
Indicators of Compromise: To check for exploitation one can check the site apache access log for entries like . The order of the URL paramters can be changed by an attacker. Potential injected code would be in the parameter .
Vulnerability Management: We have rated the issue with a CVSS Score of 5.4 (Medium) with the following CVSS vector: . We assigned CVE-2023-23548 to this vulnerability.
Changes: This Werk introduces escaping for the vulnerable parameter.
To the list of all Werks