29 matches found

CNNVD
added 2023/09/12 12:0 a.m. · 1 view

SAP BusinessObjects Business Intelligence Platform Information Disclosure Vulnerability

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence BI products to eliminate system integration challenges and quickly and...

9.9 CVSS · 5.9 AI score · 0.00132 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/07/11 12:0 a.m. · 2 views

PT-2023-4097 · Sap · Sap Businessobjects Business Intelligence Platform

Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence Platform versions 420, 430 Description: The issue allows an unauthorized attacker who has hijacked a user session to bypass the victim's old password via brute force due to an unrestricted rate limit...

7.8 CVSS · 7.5 AI score · 0.0008 EPSS
Exploits 0 · References 5
Cvelist
added 2023/05/09 1:37 a.m. · 16 views

CVE-2023-31404 Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Service)

Under certain conditions, SAP BusinessObjects Business Intelligence Platform Central Management Service - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of other users. It could...

5 CVSS · 5.3 AI score · 0.0032 EPSS
Exploits 0 · References 2
CNNVD
added 2023/05/09 12:0 a.m. · 3 views

SAP BusinessObjects Business Intelligence Platform Information Disclosure Vulnerability

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence BI products to eliminate system integration challenges and quickly and...

9.1 CVSS · 7.1 AI score · 0.00487 EPSS
Exploits 0 · References 4
NVD
added 2023/03/14 6:15 a.m. · 12 views

CVE-2023-27896

In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high impact on availability...

7.5 CVSS · 6.6 AI score · 0.00347 EPSS
Exploits 0 · References 2
Prion
added 2023/03/14 6:15 a.m. · 16 views

Code injection

In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high impact on availability...

5 CVSS · 7.5 AI score · 0.00347 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/03/14 5:2 a.m. · 22 views

CVE-2023-27896 Server Side Request Forgery (SSRF) in the SAP BusinessObjects Business Intelligence platform

In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high impact on availability...

6.5 CVSS · 7.7 AI score · 0.00347 EPSS
Exploits 0 · References 2
CVE
added 2023/03/14 5:2 a.m. · 58 views

CVE-2023-27896

CVE-2023-27896 affects SAP BusinessObjects BI Platform versions 420 and 430. The issue is a Server-Side Request Forgery (SSRF) where an attacker can control a malicious BOE server, causing the application server to connect to its own CMS. This leads to a high impact on availability. The descripti...

7.5 CVSS · 6.9 AI score · 0.00347 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2023/02/14 4:15 a.m. · 0 views

CVE-2023-23856

In SAP BusinessObjects Business Intelligence Web Intelligence user interface - version 430, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 2
Prion
added 2023/02/14 4:15 a.m. · 13 views

Design/Logic Flaw

In SAP BusinessObjects Business Intelligence Web Intelligence user interface - version 430, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On...

4.9 CVSS · 5.2 AI score · 0.00333 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2023/02/14 12:0 a.m. · 1 view

PT-2023-15952 · Sap · Sap Businessobjects Business Intelligence Platform

Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence platform versions 420, 430 Description: The issue allows an authenticated attacker to access sensitive information that is otherwise restricted, potentially having a high impact on confidentiality and...

8.5 CVSS · 6.7 AI score · 0.00326 EPSS
Exploits 0 · References 3
CNNVD
added 2023/02/14 12:0 a.m. · 1 view

SAP BusinessObjects Business Intelligence Cross-Site Scripting Vulnerability

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence BI products to eliminate system integration challenges and deploy...

5.4 CVSS · 5.4 AI score · 0.00333 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/02/14 12:0 a.m. · 1 view

PT-2023-19257 · Sap · Sap Businessobjects Business Intelligence

Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence version 430 Description: The issue affects the Web Intelligence user interface, where certain calls return JSON with an incorrect content type in the response header. This can make custom applications...

5.4 CVSS · 5.2 AI score · 0.00333 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/02/14 12:0 a.m. · 1 view

PT-2023-19678 · Sap · Sap Businessobjects Business Intelligence Platform

Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence Platform CMC versions 420, 430 Description: The issue allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, ...

9.1 CVSS · 9.1 AI score · 0.00576 EPSS
Exploits 0 · References 5
Positive Technologies
added 2022/12/12 12:0 a.m. · 2 views

PT-2022-20865 · Sap · Sap Businessobjects Business Intelligence Platform

Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence Platform Monitoring DB version 430 Description: Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network can access the BOE Monitoring...

6 CVSS · 7.1 AI score · 0.0067 EPSS
Exploits 0 · References 7
Positive Technologies
added 2022/12/12 12:0 a.m. · 2 views

PT-2022-25775 · Sap · Sap Businessobjects Business Intelligence Platform

Name of the Vulnerable Software and Affected Versions: SAP Business Objects Business Intelligence Platform Web Intelligence versions 420, 430 Description: The issue is caused by a missing authentication check, allowing an authenticated non-administrator attacker to modify the data source...

4.3 CVSS · 4.4 AI score · 0.00094 EPSS
Exploits 0 · References 5
OSV
added 2022/10/11 9:15 p.m. · 0 views

CVE-2022-41206

SAP BusinessObjects Business Intelligence platform Analysis for OLAP - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful exploitation, there could be a limited impact on...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 2
ATTACKERKB
added 2022/09/13 4:15 p.m. · 0 views

CVE-2022-39014

Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console CMC - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted...

5.3 CVSS · 6 AI score · 0.00199 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2022/09/13 4:15 p.m. · 0 views

CVE-2022-39014

Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console CMC - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted...

5.3 CVSS · 5.8 AI score · 0.00199 EPSS
Exploits 0 · References 2
ATTACKERKB
added 2022/05/11 3:15 p.m. · 0 views

CVE-2022-28214

During an update of SAP BusinessObjects Enterprise, Central Management Server CMS - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Availability...

7.8 CVSS · 7.2 AI score · 0.00025 EPSS
Exploits 0 · References 3 · Affected Software 1