10 matches found
CVE-2026-27683 Reflected cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform
SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script executes in the user�s browser, potentially exposing restricted information. This results in a low impact...
CVE-2026-0485
SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server CMS to crash and automatically restart. By repeatedly submitting these requests, the attacker could induce a persistent service disruption, renderin...
CVE-2023-40622
SAP BusinessObjects Business Intelligence Platform Promotion Management - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted. On successful exploitation, the attacker can completely compromise the application...
CVE-2023-28765
CVE-2023-28765 concerns SAP BusinessObjects Business Intelligence Platform (Promotion Management) prior to patch versions; specifically 420 and 430. The root cause involves handling of the internal file lcmbiar , enabling a basic-privilege attacker to access and decrypt the file, potentially expo...
CVE-2023-0020
SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. On successful exploitation, there could be a high impact on confidentiality and limited impact on integrity of the application...
Vulnerabilities fixed in SAP products
Vulnerabilities have been fixed in SAP products. An authentication check was missing in SAP Solution Manager. The vulnerabilities in SAP BusinessObjects Business Intelligence Platform were not explained further. SAP has released updates to fix the vulnerabilities. More information can be found on...
CVE-2019-0303
SAP BusinessObjects Business Intelligence Platform Administration Console, versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without sanitation. This could be used by an attacker to build a special url that execute custom JavaScript co...
CVE-2014-8308
Cross-site scripting XSS vulnerability in the Send to Inbox functionality in SAP BusinessObjects BI EDGE 4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-8310
The CVE-2014-8310 entry affects SAP BusinessObjects BI Edge 4.0, specifically the CMS CORBA listener. A vulnerability in the OSCAFactory::Session ORB handling allows remote attackers to cause a denial of service (server shutdown). The available data does not specify exploit details beyond the cra...
CVE-2014-8308
CVE-2014-8308 is an XSS vulnerability in SAP BusinessObjects BI EDGE 4.0’s Send to Inbox function. CVSS2 base score 4.3 (MEDIUM); attack vector NETWORK, attack complexity MEDIUM, no authentication, confidentiality impact NONE, integrity impact PARTIAL, availability impact NONE. Exploitation detai...