93 matches found
CVE-2025-40896
The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...
CVE-2025-40896
The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...
CVE-2025-40895
A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on connected Guardians' properties. A malicious authenticated user with administrator privileges on a Guardian connected to a CMC can edit the Guardian's properties to inject HTML...
CVE-2025-40896 Lack of TLS certificate validation when connecting Arc to a Guardian or CMC, in Arc before v2.2.0
The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive...
CVE-2026-24325 Cross Site Scripting (XSS) vulnerability in SAP BusinessObjects Enterprise (Central Management Console)
SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting XSS vulnerability. This enables an admin user to inject malicious JavaScript into a website and the injected script gets executed when the user visits the compromised page.Th...
CVE-2026-24325 Cross Site Scripting (XSS) vulnerability in SAP BusinessObjects Enterprise (Central Management Console)
SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting XSS vulnerability. This enables an admin user to inject malicious JavaScript into a website and the injected script gets executed when the user visits the compromised page.Th...
EUVD-2020-27392
Malware in sbrugna...
EUVD-2018-14338
Malware in sbrugna...
EUVD-2018-14225
Malware in sbrugna...
EUVD-2018-14252
Malware in sbrugna...
EUVD-2019-1108
Malware in sbrugna...
EUVD-2022-41560
Malicious code in bioql PyPI...
EUVD-2025-1493
Malicious code in bioql PyPI...
Incorrect authorization for traces request/download in CMC before 25.1.0
Summary An access control vulnerability was discovered in the Request Trace and Download Trace functionalities due to a specific access restriction not being properly enforced for users with limited privileges. Impact An authenticated user with limited privileges can request and download trace...
CVE-2025-42965 Server Side Request Forgery(SSRF) vulnerability in SAP BusinessObjects BI Platform Central Management Console Promotion Management Application
SAP CMC Promotion Management allows an authenticated attacker to enumerate internal network systems by submitting crafted requests during job source configuration. By analysing response times for various IP addresses and ports, the attacker can infer valid network endpoints. Successful exploitati...
Authenticated RCE in update functionality in Guardian/CMC before 24.6.0
Summary An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Impact Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC...
CVE-2022-41206
SAP BusinessObjects Business Intelligence platform Analysis for OLAP - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful exploitation, there could be a limited impact on...
CVE-2022-39014
Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console CMC - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted...
CVE-2020-6189
Certain settings pages in SAP Business Objects Business Intelligence Platform CMC, version 4.2, generates error messages that can give enterprise private-network related information which would otherwise be restricted leading to Information Disclosure...
CVE-2025-0062
SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impac...