Lucene search
K
SapBusinessobjects

23 matches found

CVE
CVE
added 2019/06/14 6:50 p.m.302 views

CVE-2019-0303

CVE-2019-0303 affects SAP BusinessObjects BI Platform Administration Console (versions 4.2 and 4.3) where the BILogon/appService.jsp redirects reflect the requested errMsg parameter into the response without sanitization, enabling potential cross-site scripting when the URL is accessed. Related c...

6.1CVSS6.3AI score0.008EPSS
Web
CVE
CVE
added 2010/10/18 4:0 p.m.293 views

CVE-2010-0219

CVE-2010-0219 covers Apache Axis2 default credentials that affect dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2 and CA ARCserve D2D r15 among others. The issue arises from a default admin password (axis2), enabling remote attackers to upload a crafted web service and achieve arbitrary co...

10CVSS7.8AI score0.89871EPSS
In wildWeb
CVE
CVE
added 2022/05/11 2:54 p.m.83 views

CVE-2022-28214

CVE-2022-28214 affects SAP BusinessObjects Enterprise CMS (versions 420 and 430). During an update, authentication credentials are exposed in Sysmon event logs, causing Information Disclosure with high impact to Confidentiality, Integrity, and Availability. The NVD/NVD-derived metrics list CVSSv3...

7.8CVSS7.5AI score0.00167EPSS
CVE
CVE
added 2019/05/14 8:20 p.m.65 views

CVE-2019-0287

CVE-2019-0287 affects SAP BusinessObjects Business Intelligence platform (Central Management Server) for SAP BO BI 4.2 and 4.3. The issue allows an attacker to access information that should be restricted, indicating an information-disclosure vulnerability affecting the Central Management Server ...

7.6CVSS7.3AI score0.01687EPSS
CVE
CVE
added 2019/05/14 8:20 p.m.61 views

CVE-2019-0289

CVE-2019-0289 affects SAP BusinessObjects Business Intelligence Platform (Analysis for OLAP), specifically versions 4.2 and 4.3, where an attacker can access information that should be restricted. The provided documents confirm the affected product and the information disclosure impact but do not...

7.1CVSS6.7AI score0.0108EPSS
CVE
CVE
added 2023/09/12 2:2 a.m.61 views

CVE-2023-40623

CVE-2023-40623 affects SAP BusinessObjects Suite Installer versions 420 and 430. The issue enables a network‑based attacker to create a directory under a temporary directory and link it to an OS directory (directory junction), enabling deletion of OS files and resulting in high availability impac...

7.1CVSS6.4AI score0.00373EPSS
CVE
CVE
added 2019/02/15 6:0 p.m.60 views

CVE-2019-0259

CVE-2019-0259 relates to SAP BusinessObjects (versions 4.2 and 4.3) and is a vulnerability where an attacker can upload arbitrary files, including scripts, due to insufficient file format validation. The root cause is inadequate validation during the file upload process, enabling remote, unauthen...

9.8CVSS9.3AI score0.02016EPSS
CVE
CVE
added 2015/10/15 8:0 p.m.55 views

CVE-2015-7730

CVE-2015-7730 affects SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3. A crafted GIOP packet can trigger an out-of-bounds read and listener crash, enabling remote denial of service. The entry documents this as SAP Security Note 2001108. Exploita...

10CVSS6.7AI score0.03628EPSS
CVE
CVE
added 2010/10/18 4:0 p.m.53 views

CVE-2010-3981

SAP BusinessObjects Enterprise XI 3.2 is affected by CVE-2010-3981 through an XSS flaw exposed in the Edit Service Parameters page via the ServiceClass parameter. Connected documents corroborate that Apache Axis2 (as included in relevant deployments) received a security release (Axis2 1.7.3) that...

4.3CVSS5.8AI score0.00894EPSS
CVE
CVE
added 2014/10/16 7:0 p.m.53 views

CVE-2014-8308

CVE-2014-8308 is an XSS vulnerability in SAP BusinessObjects BI EDGE 4.0’s Send to Inbox function. CVSS2 base score 4.3 (MEDIUM); attack vector NETWORK, attack complexity MEDIUM, no authentication, confidentiality impact NONE, integrity impact PARTIAL, availability impact NONE. Exploitation detai...

4.3CVSS5.8AI score0.02227EPSS
CVE
CVE
added 2019/02/15 6:0 p.m.53 views

CVE-2019-0251

The CVE-2019-0251 entry affects SAP BusinessObjects BI Platform Fiori Launchpad (before 4.2 and 4.3). The root cause is insufficient encoding of user-controlled inputs, enabling Cross-Site Scripting (XSS). The vulnerability can allow the execution of arbitrary script in a user’s browser. The prov...

6.1CVSS6AI score0.01137EPSS
CVE
CVE
added 2010/10/18 4:0 p.m.50 views

CVE-2010-3979

SAP BusinessObjects Enterprise XI 3.2 is affected by CVE-2010-3979 through the dswsbobje component. The vulnerability arises because the login field error messaging varies depending on whether the provided credential matches a valid username, enabling remote attackers to enumerate valid account n...

5CVSS6.8AI score0.0117EPSS
Web
CVE
CVE
added 2023/05/09 12:55 a.m.50 views

CVE-2023-28764

CVE-2023-28764 affects SAP BusinessObjects Platform versions 420 and 430, specifically the Information design tool. The vulnerability stems from transmitting sensitive information in cleartext over the network within the Information design tool binaries, enabling an unauthenticated attacker with ...

5.9CVSS5AI score0.0051EPSS
CVE
CVE
added 2010/10/18 4:0 p.m.49 views

CVE-2010-3982

SAP BusinessObjects Enterprise XI 3.2 is affected by a vulnerability in the CrystalReports/viewrpt.cwr URI where the apstoken parameter can cause remote TCP connections to arbitrary intranet hosts on any port, exposing potentially sensitive information about open ports (an related internal port s...

5CVSS6.7AI score0.01343EPSS
Web
CVE
CVE
added 2018/04/10 3:0 p.m.49 views

CVE-2018-2408

SAP Business Objects (BI Launch Pad/CMC) versions 4.0–4.30 are affected by an improper session management vulnerability where, after a user changes their password, other active sessions created with the old password remain active. This can allow an attacker to reuse pre-existing sessions to acces...

7.5CVSS7.2AI score0.01623EPSS
CVE
CVE
added 2010/10/18 4:0 p.m.47 views

CVE-2010-3980

Summary: CVE-2010-3980 affects SAP BusinessObjects Enterprise XI 3.2. The dswsbobje service (biplatform URI) does not limit the number of CUIDs that can be requested via GenerateCuids, enabling remote authenticated users to trigger a denial of service. The vulnerability is tied to an unbounded nu...

4CVSS6.4AI score0.00933EPSS
Web
CVE
CVE
added 2014/04/30 2:0 p.m.47 views

CVE-2014-3134

CVE-2014-3134 describes a cross-site scripting (XSS) vulnerability in the InfoView application of SAP BusinessObjects . The flaw allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The available records do not specify the exact vulnerable component version, exp...

4.3CVSS5.8AI score0.01161EPSS
CVE
CVE
added 2014/10/16 7:0 p.m.47 views

CVE-2014-8311

CVE-2014-8311 affects SAP BusinessObjects Edge 4.0. Remote attackers can obtain sensitive information via an InfoStore query to a CORBA listener, causing information disclosure. The provided sources do not specify affected subversions or a fixed patch in this context. Exploitation details are not...

3.5CVSS6.3AI score0.01772EPSS
CVE
CVE
added 2017/12/12 2:0 p.m.47 views

CVE-2017-16683

The CVE-2017-16683 entry affects SAP Business Objects Platform Enterprise 4.10 and 4.20, describing a Denial of Service that could allow an attacker to prevent legitimate users from accessing the service. The connected documents confirm the affected product and the DoS impact but do not provide a...

6.5CVSS6.3AI score0.01412EPSS
CVE
CVE
added 2014/10/16 7:0 p.m.45 views

CVE-2014-8309

CVE-2014-8309 affects SAP BusinessObjects 4.0 and BOXI R2/3.1. The issue stems from error messages shown after failed logon attempts, which vary in delay based on whether the user exists, enabling remote attackers to enumerate valid usernames via SecEnterprise authentication requests to the Sessi...

5CVSS7.2AI score0.01667EPSS
CVE
CVE
added 2014/10/16 7:0 p.m.45 views

CVE-2014-8310

The CVE-2014-8310 entry affects SAP BusinessObjects BI Edge 4.0, specifically the CMS CORBA listener. A vulnerability in the OSCAFactory::Session ORB handling allows remote attackers to cause a denial of service (server shutdown). The available data does not specify exploit details beyond the cra...

7.1CVSS6.8AI score0.02922EPSS
CVE
CVE
added 2010/10/18 4:0 p.m.44 views

CVE-2010-3983

The CVE-2010-3983 entry concerns SAP BusinessObjects Enterprise XI 3.2, affecting the CmcApp component. It specifies that remote authenticated users can gain privileges via vectors involving the Program Job Server and the Program Login property. The provided connected records corroborate the prod...

9CVSS6.6AI score0.01699EPSS
CVE
CVE
added 2014/12/17 7:0 p.m.44 views

CVE-2014-9387

SAP BusinessObjects Edge 4.1 is affected by CVE-2014-9387 through a crafted CORBA call that allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN and escalate privileges. The underlying cause is exposure of a login token via CORBA, enabling complete confidentiality, integrit...

10CVSS6.9AI score0.04615EPSS