1105 matches found
CVE-2022-31596
Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform Monitoring DB - version 430, can access BOE Monitoring database to retrieve and modify non-personal system data which wou...
CVE-2022-35169
SAP BusinessObjects Business Intelligence Platform LCM - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system causing high impact on...
CVE-2022-35228
SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successfu...
CVE-2023-31406
Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited...
CVE-2023-31404
Under certain conditions, SAP BusinessObjects Business Intelligence Platform Central Management Service - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of other users. It could...
CVE-2023-40623
SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited...
CVE-2021-33679
The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. When another user visits that page, the stored malicious script will execute in their session, hence...
CVE-2021-33697
Under certain conditions, SAP BusinessObjects Business Intelligence Platform SAPUI5, versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities...
CVE-2023-40622
SAP BusinessObjects Business Intelligence Platform Promotion Management - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted. On successful exploitation, the attacker can completely compromise the application...
CVE-2025-23192
SAP BusinessObjects Business Intelligence BI Workspace allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker to potentially access sensitive session...
CVE-2022-27667
Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console CMC - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure...
Vulnerabilities fixed in SAP Software
SAP has fixed multiple vulnerabilities in several products, including SAP Solution Manager, SAP jConnect, SAP Web Dispatcher, SAP NetWeaver, SAP S/4 HANA Private Cloud, and SAP BusinessObjects. The vulnerabilities include code injection, deserialization, and insufficient input validation, which c...
SAP BusinessObjects Business Intelligence Platform DoS (December 2025)
The version of SAP BusinessObjects Business Intelligence Platform installed on the remote host is affected by a denial of service vulnerability as disclosed in the SAP Security Patch Day December 2025: - SAP Business Objects allows an unauthenticated attacker to flood the service due to improper...
EUVD-2025-201846
SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This can cause the server to fetch attacker-supplied URLs, resulting in low impact to confidentiality and integrit...
CVE-2025-42896 Server-Side Request Forgery (SSRF) in SAP BusinessObjects Business Intelligence Platform
SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This can cause the server to fetch attacker-supplied URLs, resulting in low impact to confidentiality and integrit...
CVE-2025-42896
CVE-2025-42896 affects SAP BusinessObjects Business Intelligence Platform and is an SSRF vulnerability where an unauthenticated remote attacker can send crafted requests via the URL parameter controlling the login page error message. The server may fetch attacker-supplied URLs, yielding low impac...
SAP BusinessObjects Business Intelligence Platform 安全漏洞
SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence BI products to eliminate system integration challenges and quickly and...
SAP BusinessObjects Business Intelligence Platform Deserialization (3617142)
The version of SAP BusinessObjects Business Intelligence Platform installed on the remote host is prior to 2025 SP000 000500, 4.3 SP004 001400, or 4.3 SP005 000200. It is, therefore, affected by a vulnerability as referenced in the 3617142 advisory. - Improper Input Validation vulnerability in...
EUVD-2020-27462
Malware in sbrugna...
EUVD-2015-7630
Malware in sbrugna...