10 matches found
CVE-2022-35228
SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successfu...
EUVD-2021-20356
Malware in sbrugna...
EUVD-2023-35105
Malicious code in bioql PyPI...
SAP BusinessObjects Business Intelligence Platform HTML Injection Vulnerability (3573199)
The version of SAP BusinessObjects Business Intelligence Platform installed on the remote host is prior to 2025 SP000 000200, 4.3 SP004 001300, or 4.3 SP005 000000. It is, therefore, affected by a vulnerability as referenced in the 3573199 advisory. An HTML Injection exists which allows an attack...
CVE-2025-23192 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (BI Workspace)
SAP BusinessObjects Business Intelligence BI Workspace allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker to potentially access sensitive session...
CVE-2024-32732
Under certain conditions SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted.This has low impact on Confidentiality with no impact on Integrity and Availability of the application...
CVE-2022-22541
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. The main impact is the disclosure of company data to people that shouldn't or don't need to have access...
CVE-2019-0303
SAP BusinessObjects Business Intelligence Platform Administration Console, versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without sanitation. This could be used by an attacker to build a special url that execute custom JavaScript co...
CVE-2019-0332
SAP BusinessObjects Business Intelligence Platform Info View, versions 4.1, 4.2, 4.3, allows an attacker to give some payload for keyword in the search and it will be executed while search performs its action, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2019-0289
Under certain conditions SAP BusinessObjects Business Intelligence platform Analysis for OLAP, versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted...