Latest sap businessobjects business intelligence platform Vulnerabilities

CVE-2023-42472
Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system ...
Sap Businessobjects Business Intelligence Platform=420
CVE-2023-27271
In SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintool...
Sap Businessobjects Business Intelligence Platform=420
Sap Businessobjects Business Intelligence Platform=430
CVE-2023-24530
SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On s...
Sap Businessobjects Business Intelligence Platform=420
Sap Businessobjects Business Intelligence Platform=430
CVE-2023-0020
SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. On successful exploitation, ther...
Sap Businessobjects Business Intelligence Platform=420
Sap Businessobjects Business Intelligence Platform=430
CVE-2023-0022
SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful ex...
Sap Businessobjects Business Intelligence Platform=420
Sap Businessobjects Business Intelligence Platform=430
CVE-2023-0018
Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges ...
Sap Businessobjects Business Intelligence Platform=420
Sap Businessobjects Business Intelligence Platform=430
CVE-2022-39014
Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which ...
Sap Businessobjects Business Intelligence Platform=430
CVE-2022-35228
SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses...
Sap Businessobjects Business Intelligence Platform=420
Sap Businessobjects Business Intelligence Platform=430
CVE-2022-29619
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would ot...
Sap Businessobjects Business Intelligence Platform=420
Sap Businessobjects Business Intelligence Platform=430
CVE-2022-28213
When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, whi...
Sap Businessobjects Business Intelligence Platform=420
Sap Businessobjects Business Intelligence Platform=430
CVE-2022-27667
Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricte...
Sap Businessobjects Business Intelligence Platform=430
CVE-2022-27671
A CSRF token visible in the URL may possibly lead to information disclosure vulnerability.
Sap Businessobjects Business Intelligence Platform=420
Sap Businessobjects Business Intelligence Platform=430
CVE-2022-28216
SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user...
Sap Businessobjects Business Intelligence Platform=420
CVE-2022-22541
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. The main impact is t...
Sap Businessobjects Business Intelligence Platform=420
Sap Businessobjects Business Intelligence Platform=430
CVE-2021-42061
SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This al...
Sap Businessobjects Business Intelligence Platform=420
CVE-2021-40500
SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. The...
Sap Businessobjects Business Intelligence Platform=4.20
Sap Businessobjects Business Intelligence Platform=4.30
CVE-2021-33679
The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. When ...
Sap Businessobjects Business Intelligence Platform=420
CVE-2020-26831
SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An atta...
Sap Businessobjects Business Intelligence Platform=4.1
Sap Businessobjects Business Intelligence Platform=4.2
Sap Businessobjects Business Intelligence Platform=4.3
CVE-2020-6308
SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the in...
Sap Businessobjects Business Intelligence Platform=4.1
Sap Businessobjects Business Intelligence Platform=4.2
Sap Businessobjects Business Intelligence Platform=4.3
CVE-2020-6288
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file forma...
Sap Businessobjects Business Intelligence Platform=4.1
Sap Businessobjects Business Intelligence Platform=4.2
CVE-2020-6312
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page prop...
Sap Businessobjects Business Intelligence Platform=4.1
Sap Businessobjects Business Intelligence Platform=4.2
CVE-2020-6294
Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity.
Sap Businessobjects Business Intelligence Platform=4.2
Sap Businessobjects Business Intelligence Platform=4.3
Opengroup Unix
CVE-2020-6300
SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with administrator rights can use the web application to send malicious code to...
Sap Businessobjects Business Intelligence Platform=4.2
Sap Businessobjects Business Intelligence Platform=4.3
CVE-2020-6278
SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1, 4.2, allows to an attacker to embed malicious scripts in the application while uploading images, which gets ex...
Sap Businessobjects Business Intelligence Platform=4.1
Sap Businessobjects Business Intelligence Platform=4.2
CVE-2020-6276
Sap Businessobjects Business Intelligence Platform=4.2
CVE-2020-6269
Under certain conditions SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosu...
Sap Businessobjects Business Intelligence Platform=4.2
CVE-2020-6251
Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted.
Sap Businessobjects Business Intelligence Platform=4.2
CVE-2020-6245
SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Contr...
Sap Businessobjects Business Intelligence Platform=4.2
CVE-2020-6257
SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability.
Sap Businessobjects Business Intelligence Platform=4.2
CVE-2020-6242
SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the...
Sap Businessobjects Business Intelligence Platform=1.0
Sap Businessobjects Business Intelligence Platform=2.0
Sap Businessobjects Business Intelligence Platform=2.1
Sap Businessobjects Business Intelligence Platform=2.2
Sap Businessobjects Business Intelligence Platform=2.3
CVE-2020-6211
SAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials o...
Sap Businessobjects Business Intelligence Platform=4.1
Sap Businessobjects Business Intelligence Platform=4.2
CVE-2020-6195
SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It involves social engineering in order to gai...
Sap Businessobjects Business Intelligence Platform=4.1
Sap Businessobjects Business Intelligence Platform=4.2
CVE-2020-6237
Sap Businessobjects Business Intelligence Platform=4.1
Sap Businessobjects Business Intelligence Platform=4.2
CVE-2020-6216
SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
Sap Businessobjects Business Intelligence Platform=4.2
CVE-2020-6226
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnera...
Sap Businessobjects Business Intelligence Platform=4.2
CVE-2020-6227
SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows attacker to send specially crafted GIOP packets to several services due to Improper Input Validation, a...
Sap Businessobjects Business Intelligence Platform=4.2
CVE-2020-6223
The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. This can misdirect a user wh...
Sap Businessobjects Business Intelligence Platform=4.1
Sap Businessobjects Business Intelligence Platform=4.2
CVE-2020-6222
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) v...
Sap Businessobjects Business Intelligence Platform=4.1
Sap Businessobjects Business Intelligence Platform=4.2
CVE-2020-6221
Web Intelligence HTML interface in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) ...
Sap Businessobjects Business Intelligence Platform=4.1
Sap Businessobjects Business Intelligence Platform=4.2
CVE-2020-6231
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnera...
Sap Businessobjects Business Intelligence Platform=4.2
CVE-2020-6189
Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that can give enterprise private-network related information which would ot...
Sap Businessobjects Business Intelligence Platform=4.2
CVE-2019-0398
Sap Businessobjects Business Intelligence Platform=4.1
Sap Businessobjects Business Intelligence Platform=4.2
Sap Businessobjects Business Intelligence Platform=4.3
CVE-2019-0396
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted sourc...
Sap Businessobjects Business Intelligence Platform=4.0
Sap Businessobjects Business Intelligence Platform=4.1-sp10
Sap Businessobjects Business Intelligence Platform=4.1-sp11
Sap Businessobjects Business Intelligence Platform=4.1-sp12
CVE-2019-0382
A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform (Web Intelligence-Publication related pages); corrected in version 4.2. Privileges are required in ord...
Sap Businessobjects Business Intelligence Platform<4.2
CVE-2019-0378
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious ...
Sap Businessobjects Business Intelligence Platform=4.0
Sap Businessobjects Business Intelligence Platform=4.1
Sap Businessobjects Business Intelligence Platform=4.1-sp10
Sap Businessobjects Business Intelligence Platform=4.1-sp11
Sap Businessobjects Business Intelligence Platform=4.1-sp12
CVE-2019-0377
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious...
Sap Businessobjects Business Intelligence Platform=4.0
Sap Businessobjects Business Intelligence Platform=4.1
Sap Businessobjects Business Intelligence Platform=4.1-sp10
Sap Businessobjects Business Intelligence Platform=4.1-sp11
Sap Businessobjects Business Intelligence Platform=4.1-sp12
CVE-2019-0376
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save ma...
Sap Businessobjects Business Intelligence Platform=4.0
Sap Businessobjects Business Intelligence Platform=4.1
Sap Businessobjects Business Intelligence Platform=4.1-sp10
Sap Businessobjects Business Intelligence Platform=4.1-sp11
Sap Businessobjects Business Intelligence Platform=4.1-sp12
Sap Businessobjects Business Intelligence Platform=4.2-sp04
and 3 more
CVE-2019-0374
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts i...
Sap Businessobjects Business Intelligence Platform=4.0
Sap Businessobjects Business Intelligence Platform=4.1
Sap Businessobjects Business Intelligence Platform=4.1-sp10
Sap Businessobjects Business Intelligence Platform=4.1-sp11
Sap Businessobjects Business Intelligence Platform=4.1-sp12
Sap Businessobjects Business Intelligence Platform=4.2-sp04
and 3 more
CVE-2019-0352
In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via cac...
Sap Businessobjects Business Intelligence Platform=4.10
Sap Businessobjects Business Intelligence Platform=4.20
Sap Businessobjects Business Intelligence Platform=4.30
CVE-2018-2471
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which would otherwise be restricted.
Sap Businessobjects Business Intelligence Platform=4.10
Sap Businessobjects Business Intelligence Platform=4.20

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203