8CVSS
7.1AI Score
0.002EPSS
7.2CVSS
6.9AI Score
0.0005EPSS
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of other users. It could....
5CVSS
5AI Score
0.001EPSS
Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges can modify/upload crystal reports containing a malicious payload. Once these reports are viewable,....
6.1CVSS
5.8AI Score
0.001EPSS
Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution...
8.5CVSS
8.4AI Score
0.006EPSS
4.4CVSS
4.3AI Score
0.003EPSS
In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserialization of untrusted.....
8.8CVSS
8.6AI Score
0.001EPSS
SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successful....
8.8CVSS
8.4AI Score
0.001EPSS
It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite...
7.5CVSS
7.5AI Score
0.002EPSS
5.4CVSS
5.4AI Score
0.001EPSS
5.4CVSS
5.4AI Score
0.001EPSS
8CVSS
7.2AI Score
0.014EPSS
6.1CVSS
4.9AI Score
0.001EPSS
SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with administrator rights can use the web application to send malicious code to a different end user (victim), as it does not sufficiently encode user-controlled inputs for...
4.8CVSS
5.9AI Score
0.001EPSS
A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution...
8CVSS
8.1AI Score
0.019EPSS
An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The attacker who successfully exploited the vulnerability could see the information that are in a...
7.5CVSS
7AI Score
0.013EPSS
An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution...
8CVSS
8AI Score
0.024EPSS
A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user...
6.5CVSS
6.4AI Score
0.001EPSS
Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be...
7.6CVSS
6.7AI Score
0.005EPSS
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not....
5.4CVSS
5.2AI Score
0.025EPSS
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of...
6.1CVSS
6AI Score
0.002EPSS
SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including:.....
5.4CVSS
6.2AI Score
0.001EPSS