164 matches found
CVE-2022-41263
Due to a missing authentication check, SAP Business Objects Business Intelligence Platform Web Intelligence - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the...
CVE-2020-6288
SAP Business Objects Business Intelligence Platform Web Intelligence HTML interface allows an attacker with edit document rights to upload any file including script files without proper file format validation leading to Unrestricted upload of file with dangerous type vulnerability. The attacker c...
CVE-2020-6231
SAP Business Objects Business Intelligence Platform Web Intelligence HTML interface, version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2020-6312
SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, versions - 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page properties, can modify how a browser processes particular page elements, leading to stored Cross Site...
CVE-2019-0396
SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly...
The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence Platform allows a hacker to modify arbitrary files and cause service interruptions.
The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence Platform is related to errors in inherited permissions. Exploiting this vulnerability could allow attackers to modify arbitrary files and cause service failures...
A Rebirth of a Cursed Existence? Examining ‘Babuk Locker 2.0’ Ransomware
Co-authored by Yaniv Allender and Anna Sirokova Introduction Ransomware remains a major threat, causing significant disruption and financial losses to organizations across various sectors. Cybercriminal groups behind these attacks constantly adapt their methods to maximize damage and profit. At...
A Rebirth of a Cursed Existence? Examining ‘Babuk Locker 2.0’ Ransomware
Co-authored by Yaniv Allender and Anna Sirokova Introduction Ransomware remains a major threat, causing significant disruption and financial losses to organizations across various sectors. Cybercriminal groups behind these attacks constantly adapt their methods to maximize damage and profit. At...
The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence Platform allows a attacker to execute XSS attacks.
The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence Platform relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence platform allows attackers to perform cross-site scripting attacks.
The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence platform exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
CVE-2025-0062
SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impac...
CVE-2025-25245
SAP BusinessObjects Business Intelligence Platform Web Intelligence contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by injecting a malicious url in the data returned to the user. On successful exploitation, there could be a...
CVE-2025-0062
SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impac...
CVE-2025-0062 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)
SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impac...
CVE-2025-0062 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)
SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impac...
CVE-2024-37179
SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application...
The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence platform allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of SAP BusinessObjects Business Intelligence’s Web Intelligence component relates to the unlimited download of dangerous files. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
CVE-2024-37179
SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application...
CVE-2024-37179
SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application...
CVE-2024-37179 Insecure File Operations vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)
SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application...