Lucene search
K

1105 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:47 a.m.9 views

CVE-2022-31596

Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform Monitoring DB - version 430, can access BOE Monitoring database to retrieve and modify non-personal system data which wou...

6CVSS6.6AI score0.0066EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:40 a.m.6 views

CVE-2022-35169

SAP BusinessObjects Business Intelligence Platform LCM - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system causing high impact on...

6.5CVSS6.9AI score0.00564EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:39 a.m.6 views

CVE-2022-35228

SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successfu...

8.8CVSS6.6AI score0.00462EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:27 a.m.9 views

CVE-2023-31406

Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited...

6.1CVSS6.5AI score0.00455EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:27 a.m.12 views

CVE-2023-31404

Under certain conditions, SAP BusinessObjects Business Intelligence Platform Central Management Service - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of other users. It could...

5CVSS6.6AI score0.00466EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:24 a.m.8 views

CVE-2023-40623

SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited...

7.1CVSS6.9AI score0.00373EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:20 a.m.7 views

CVE-2021-33679

The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. When another user visits that page, the stored malicious script will execute in their session, hence...

5.4CVSS6.8AI score0.00458EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:20 a.m.6 views

CVE-2021-33697

Under certain conditions, SAP BusinessObjects Business Intelligence Platform SAPUI5, versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities...

6.1CVSS6.9AI score0.00562EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:56 a.m.5 views

CVE-2023-40622

SAP BusinessObjects Business Intelligence Platform Promotion Management - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted. On successful exploitation, the attacker can completely compromise the application...

9.9CVSS6.4AI score0.00531EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:47 a.m.3 views

CVE-2025-23192

SAP BusinessObjects Business Intelligence BI Workspace allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker to potentially access sensitive session...

8.2CVSS8.1AI score0.00342EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:48 a.m.9 views

CVE-2022-27667

Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console CMC - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure...

7.5CVSS6.5AI score0.01307EPSS
Exploits0References1
NCSC
NCSC
added 2025/12/12 9:29 a.m.10 views

Vulnerabilities fixed in SAP Software

SAP has fixed multiple vulnerabilities in several products, including SAP Solution Manager, SAP jConnect, SAP Web Dispatcher, SAP NetWeaver, SAP S/4 HANA Private Cloud, and SAP BusinessObjects. The vulnerabilities include code injection, deserialization, and insufficient input validation, which c...

9.9CVSS7.4AI score0.64718EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.5 views

SAP BusinessObjects Business Intelligence Platform DoS (December 2025)

The version of SAP BusinessObjects Business Intelligence Platform installed on the remote host is affected by a denial of service vulnerability as disclosed in the SAP Security Patch Day December 2025: - SAP Business Objects allows an unauthenticated attacker to flood the service due to improper...

7.5CVSS7.2AI score0.64718EPSS
Exploits1References3
EUVD
EUVD
added 2025/12/09 6:30 p.m.5 views

EUVD-2025-201846

SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This can cause the server to fetch attacker-supplied URLs, resulting in low impact to confidentiality and integrit...

5.4CVSS6.5AI score0.0026EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/09 2:15 a.m.3 views

CVE-2025-42896 Server-Side Request Forgery (SSRF) in SAP BusinessObjects Business Intelligence Platform

SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This can cause the server to fetch attacker-supplied URLs, resulting in low impact to confidentiality and integrit...

5.4CVSS6.6AI score0.0026EPSS
Exploits0References2
CVE
CVE
added 2025/12/09 2:15 a.m.19 views

CVE-2025-42896

CVE-2025-42896 affects SAP BusinessObjects Business Intelligence Platform and is an SSRF vulnerability where an unauthenticated remote attacker can send crafted requests via the URL parameter controlling the login page error message. The server may fetch attacker-supplied URLs, yielding low impac...

5.4CVSS6.6AI score0.0026EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.4 views

SAP BusinessObjects Business Intelligence Platform 安全漏洞

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence BI products to eliminate system integration challenges and quickly and...

5.4CVSS6.4AI score0.0026EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/10/28 12:0 a.m.2 views

SAP BusinessObjects Business Intelligence Platform Deserialization (3617142)

The version of SAP BusinessObjects Business Intelligence Platform installed on the remote host is prior to 2025 SP000 000500, 4.3 SP004 001400, or 4.3 SP005 000200. It is, therefore, affected by a vulnerability as referenced in the 3617142 advisory. - Improper Input Validation vulnerability in...

5.3CVSS6.4AI score0.01237EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-27462

Malware in sbrugna...

5.4CVSS6AI score0.00536EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-7630

Malware in sbrugna...

10CVSS6.4AI score0.03628EPSS
Exploits0References5
Rows per page
Query Builder