23 matches found
CVE-2019-0303
CVE-2019-0303 affects SAP BusinessObjects BI Platform Administration Console (versions 4.2 and 4.3) where the BILogon/appService.jsp redirects reflect the requested errMsg parameter into the response without sanitization, enabling potential cross-site scripting when the URL is accessed. Related c...
CVE-2010-0219
CVE-2010-0219 covers Apache Axis2 default credentials that affect dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2 and CA ARCserve D2D r15 among others. The issue arises from a default admin password (axis2), enabling remote attackers to upload a crafted web service and achieve arbitrary co...
CVE-2022-28214
CVE-2022-28214 affects SAP BusinessObjects Enterprise CMS (versions 420 and 430). During an update, authentication credentials are exposed in Sysmon event logs, causing Information Disclosure with high impact to Confidentiality, Integrity, and Availability. The NVD/NVD-derived metrics list CVSSv3...
CVE-2019-0287
CVE-2019-0287 affects SAP BusinessObjects Business Intelligence platform (Central Management Server) for SAP BO BI 4.2 and 4.3. The issue allows an attacker to access information that should be restricted, indicating an information-disclosure vulnerability affecting the Central Management Server ...
CVE-2019-0289
CVE-2019-0289 affects SAP BusinessObjects Business Intelligence Platform (Analysis for OLAP), specifically versions 4.2 and 4.3, where an attacker can access information that should be restricted. The provided documents confirm the affected product and the information disclosure impact but do not...
CVE-2023-40623
CVE-2023-40623 affects SAP BusinessObjects Suite Installer versions 420 and 430. The issue enables a network‑based attacker to create a directory under a temporary directory and link it to an OS directory (directory junction), enabling deletion of OS files and resulting in high availability impac...
CVE-2019-0259
CVE-2019-0259 relates to SAP BusinessObjects (versions 4.2 and 4.3) and is a vulnerability where an attacker can upload arbitrary files, including scripts, due to insufficient file format validation. The root cause is inadequate validation during the file upload process, enabling remote, unauthen...
CVE-2015-7730
CVE-2015-7730 affects SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3. A crafted GIOP packet can trigger an out-of-bounds read and listener crash, enabling remote denial of service. The entry documents this as SAP Security Note 2001108. Exploita...
CVE-2010-3981
SAP BusinessObjects Enterprise XI 3.2 is affected by CVE-2010-3981 through an XSS flaw exposed in the Edit Service Parameters page via the ServiceClass parameter. Connected documents corroborate that Apache Axis2 (as included in relevant deployments) received a security release (Axis2 1.7.3) that...
CVE-2014-8308
CVE-2014-8308 is an XSS vulnerability in SAP BusinessObjects BI EDGE 4.0’s Send to Inbox function. CVSS2 base score 4.3 (MEDIUM); attack vector NETWORK, attack complexity MEDIUM, no authentication, confidentiality impact NONE, integrity impact PARTIAL, availability impact NONE. Exploitation detai...
CVE-2019-0251
The CVE-2019-0251 entry affects SAP BusinessObjects BI Platform Fiori Launchpad (before 4.2 and 4.3). The root cause is insufficient encoding of user-controlled inputs, enabling Cross-Site Scripting (XSS). The vulnerability can allow the execution of arbitrary script in a user’s browser. The prov...
CVE-2010-3979
SAP BusinessObjects Enterprise XI 3.2 is affected by CVE-2010-3979 through the dswsbobje component. The vulnerability arises because the login field error messaging varies depending on whether the provided credential matches a valid username, enabling remote attackers to enumerate valid account n...
CVE-2023-28764
CVE-2023-28764 affects SAP BusinessObjects Platform versions 420 and 430, specifically the Information design tool. The vulnerability stems from transmitting sensitive information in cleartext over the network within the Information design tool binaries, enabling an unauthenticated attacker with ...
CVE-2010-3982
SAP BusinessObjects Enterprise XI 3.2 is affected by a vulnerability in the CrystalReports/viewrpt.cwr URI where the apstoken parameter can cause remote TCP connections to arbitrary intranet hosts on any port, exposing potentially sensitive information about open ports (an related internal port s...
CVE-2018-2408
SAP Business Objects (BI Launch Pad/CMC) versions 4.0–4.30 are affected by an improper session management vulnerability where, after a user changes their password, other active sessions created with the old password remain active. This can allow an attacker to reuse pre-existing sessions to acces...
CVE-2010-3980
Summary: CVE-2010-3980 affects SAP BusinessObjects Enterprise XI 3.2. The dswsbobje service (biplatform URI) does not limit the number of CUIDs that can be requested via GenerateCuids, enabling remote authenticated users to trigger a denial of service. The vulnerability is tied to an unbounded nu...
CVE-2014-3134
CVE-2014-3134 describes a cross-site scripting (XSS) vulnerability in the InfoView application of SAP BusinessObjects . The flaw allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The available records do not specify the exact vulnerable component version, exp...
CVE-2014-8311
CVE-2014-8311 affects SAP BusinessObjects Edge 4.0. Remote attackers can obtain sensitive information via an InfoStore query to a CORBA listener, causing information disclosure. The provided sources do not specify affected subversions or a fixed patch in this context. Exploitation details are not...
CVE-2017-16683
The CVE-2017-16683 entry affects SAP Business Objects Platform Enterprise 4.10 and 4.20, describing a Denial of Service that could allow an attacker to prevent legitimate users from accessing the service. The connected documents confirm the affected product and the DoS impact but do not provide a...
CVE-2014-8309
CVE-2014-8309 affects SAP BusinessObjects 4.0 and BOXI R2/3.1. The issue stems from error messages shown after failed logon attempts, which vary in delay based on whether the user exists, enabling remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Sessi...
CVE-2014-8310
The CVE-2014-8310 entry affects SAP BusinessObjects BI Edge 4.0, specifically the CMS CORBA listener. A vulnerability in the OSCAFactory::Session ORB handling allows remote attackers to cause a denial of service (server shutdown). The available data does not specify exploit details beyond the cra...
CVE-2010-3983
The CVE-2010-3983 entry concerns SAP BusinessObjects Enterprise XI 3.2, affecting the CmcApp component. It specifies that remote authenticated users can gain privileges via vectors involving the Program Job Server and the Program Login property. The provided connected records corroborate the prod...
CVE-2014-9387
SAP BusinessObjects Edge 4.1 is affected by CVE-2014-9387 through a crafted CORBA call that allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN and escalate privileges. The underlying cause is exposure of a login token via CORBA, enabling complete confidentiality, integrit...