39 matches found
CVE-2026-24324
SAP BusinessObjects Business Intelligence Platform AdminTools allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server CMS to crash, rendering the CMS partially or completely unavailable and resulting in the...
CVE-2026-24324
SAP BusinessObjects Business Intelligence Platform AdminTools allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server CMS to crash, rendering the CMS partially or completely unavailable and resulting in the...
CVE-2026-24324
SAP BusinessObjects Business Intelligence Platform AdminTools allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server CMS to crash, rendering the CMS partially or completely unavailable and resulting in the...
PT-2026-7223
SAP BusinessObjects Business Intelligence Platform AdminTools allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server CMS to crash, rendering the CMS partially or completely unavailable and resulting in the...
CVE-2025-54990
XWiki AdminTools integrates administrative tools for managing a running XWiki instance. Prior to version 1.1, users without admin rights have access to AdminTools.SpammedPages. View rights are not restricted only to admin users for AdminTools.SpammedPages. While no data is visible to non admin...
CVE-2025-54990 XWiki AdminTools application doesn't set permissions on the AdminTools space
XWiki AdminTools integrates administrative tools for managing a running XWiki instance. Prior to version 1.1, users without admin rights have access to AdminTools.SpammedPages. View rights are not restricted only to admin users for AdminTools.SpammedPages. While no data is visible to non admin...
CVE-2025-54990 XWiki AdminTools application doesn't set permissions on the AdminTools space
XWiki AdminTools integrates administrative tools for managing a running XWiki instance. Prior to version 1.1, users without admin rights have access to AdminTools.SpammedPages. View rights are not restricted only to admin users for AdminTools.SpammedPages. While no data is visible to non admin...
GHSA-V7R8-8P5C-H4XW XWiki AdminTools application doesn't set permissions on the AdminTools space
Impact Users without admin rights have access to AdminTools.SpammedPages. Details View rights are not restricted only to admin users for AdminTools.SpammedPages. While no data is visible to non admin users, the page is still accessible. Workarounds Set the view rights for the AdminTools space to ...
XWiki AdminTools application doesn't set permissions on the AdminTools space
Impact Users without admin rights have access to AdminTools.SpammedPages. Details View rights are not restricted only to admin users for AdminTools.SpammedPages. While no data is visible to non admin users, the page is still accessible. Workarounds Set the view rights for the AdminTools space to ...
PT-2025-47412
Name of the Vulnerable Software and Affected Versions XWiki AdminTools versions prior to 1.1 Description XWiki AdminTools provides administrative tools for managing a running XWiki instance. Prior to version 1.1, users lacking administrator privileges could access the AdminTools.SpammedPages page...
EUVD-2018-14300
Malware in sbrugna...
EUVD-2022-41561
Malicious code in bioql PyPI...
CVE-2022-39015
Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted...
Debian dla-3773 : freeipa-admintools - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3773 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3773-1 [email protected] https://www.debian.org/lts/security/...
SAP BusinessObjects Business Intelligence Platform Multiple Vulnerabilities (3287120)
The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is affected by a multiple vulnerabilities: - SSRF, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools CVE-2023-27271 - SSRF, n attack...
CVE-2023-27271
In SAP BusinessObjects Business Intelligence Platform Web Services - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools, leading to a high impact on availability...
CVE-2023-27271 Server Side Request Forgery (SSRF) in the SAP BusinessObjects Business Intelligence platform
In SAP BusinessObjects Business Intelligence Platform Web Services - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools, leading to a high impact on availability...
CVE-2022-39015
Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted...
Authentication flaw
Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted...
CVE-2022-39015
CVE-2022-39015 affects SAP BusinessObjects Business Intelligence Platform via BOE AdminTools/BOE SDK. Under certain conditions, an attacker can access information that should be restricted (validated by NVD entry and related Red Hat/CNVD entries). CVSSv3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, ba...