Lucene search
K

164 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:37 p.m.7 views

CVE-2022-41263

Due to a missing authentication check, SAP Business Objects Business Intelligence Platform Web Intelligence - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the...

4.3CVSS5AI score0.0021EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:30 p.m.5 views

CVE-2020-6288

SAP Business Objects Business Intelligence Platform Web Intelligence HTML interface allows an attacker with edit document rights to upload any file including script files without proper file format validation leading to Unrestricted upload of file with dangerous type vulnerability. The attacker c...

5.3CVSS6.8AI score0.00656EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:29 p.m.4 views

CVE-2020-6231

SAP Business Objects Business Intelligence Platform Web Intelligence HTML interface, version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

5.4CVSS5.9AI score0.00648EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:5 p.m.9 views

CVE-2020-6312

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, versions - 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page properties, can modify how a browser processes particular page elements, leading to stored Cross Site...

5.4CVSS6.4AI score0.00536EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:4 a.m.6 views

CVE-2019-0396

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly...

7.1CVSS6.7AI score0.00897EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/04/23 12:0 a.m.10 views

The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence Platform allows a hacker to modify arbitrary files and cause service interruptions.

The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence Platform is related to errors in inherited permissions. Exploiting this vulnerability could allow attackers to modify arbitrary files and cause service failures...

6.6CVSS5.6AI score0.00134EPSS
Exploits0References3
Rapid7 Blog
Rapid7 Blog
added 2025/04/02 1:0 p.m.17 views

A Rebirth of a Cursed Existence? Examining ‘Babuk Locker 2.0’ Ransomware

Co-authored by Yaniv Allender and Anna Sirokova Introduction Ransomware remains a major threat, causing significant disruption and financial losses to organizations across various sectors. Cybercriminal groups behind these attacks constantly adapt their methods to maximize damage and profit. At...

7.1AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/04/02 1:0 p.m.5 views

A Rebirth of a Cursed Existence? Examining ‘Babuk Locker 2.0’ Ransomware

Co-authored by Yaniv Allender and Anna Sirokova Introduction Ransomware remains a major threat, causing significant disruption and financial losses to organizations across various sectors. Cybercriminal groups behind these attacks constantly adapt their methods to maximize damage and profit. At...

6.9AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/04/01 12:0 a.m.9 views

The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence Platform allows a attacker to execute XSS attacks.

The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence Platform relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

6.4CVSS5.4AI score0.00217EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/03/24 12:0 a.m.9 views

The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence platform allows attackers to perform cross-site scripting attacks.

The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence platform exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

4.7CVSS5.2AI score0.00254EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/13 6:7 p.m.7 views

CVE-2025-0062

SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impac...

4.7CVSS4.9AI score0.00254EPSS
Exploits0References1
OSV
OSV
added 2025/03/11 1:15 a.m.5 views

CVE-2025-25245

SAP BusinessObjects Business Intelligence Platform Web Intelligence contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by injecting a malicious url in the data returned to the user. On successful exploitation, there could be a...

6.1CVSS5.8AI score0.00217EPSS
Exploits0References2
NVD
NVD
added 2025/03/11 1:15 a.m.6 views

CVE-2025-0062

SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impac...

4.7CVSS0.00254EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/11 12:31 a.m.5 views

CVE-2025-0062 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)

SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impac...

4.7CVSS7.1AI score0.00254EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/11 12:31 a.m.9 views

CVE-2025-0062 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)

SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impac...

4.7CVSS0.00254EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 12:50 a.m.9 views

CVE-2024-37179

SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application...

7.7CVSS6.7AI score0.00428EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/10/24 12:0 a.m.6 views

The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence platform allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of SAP BusinessObjects Business Intelligence’s Web Intelligence component relates to the unlimited download of dangerous files. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...

7.7CVSS5.5AI score0.00428EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/10/08 4:15 a.m.8 views

CVE-2024-37179

SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application...

6.5CVSS5.8AI score0.00428EPSS
Exploits0References2
NVD
NVD
added 2024/10/08 4:15 a.m.28 views

CVE-2024-37179

SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application...

7.7CVSS0.00428EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/08 3:21 a.m.22 views

CVE-2024-37179 Insecure File Operations vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)

SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application...

7.7CVSS0.00428EPSS
Exploits0References2
Rows per page
Query Builder