Lucene search
K
SapBusinessobjects Business Intelligence

45 matches found

CVE
CVE
added 2019/07/10 7:7 p.m.152 views

CVE-2019-0326

The connected records confirm a Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise), affecting versions 4.1, 4.2, and 4.3. The root cause is insufficient encoding of user-controlled inputs, as described in multiple sources. Th...

6.1CVSS5.9AI score0.01325EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.106 views

CVE-2022-41203

CVE-2022-41203 affects SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad). An authenticated user with low privileges can trick the application by substituting a serialized parameter with a malicious serialized object, causing deserialization of untrusted data and impact...

9.9CVSS8.6AI score0.00924EPSS
CVE
CVE
added 2023/04/11 2:53 a.m.104 views

CVE-2023-28765

CVE-2023-28765 concerns SAP BusinessObjects Business Intelligence Platform (Promotion Management) prior to patch versions; specifically 420 and 430. The root cause involves handling of the internal file lcmbiar , enabling a basic-privilege attacker to access and decrypt the file, potentially expo...

9.8CVSS9.5AI score0.14942EPSS
CVE
CVE
added 2023/09/12 2:3 a.m.99 views

CVE-2023-40622

CVE-2023-40622 affects SAP BusinessObjects Business Intelligence Platform (Promotion Management) versions 420 and 430. The vulnerability allows an authenticated attacker to view restricted information, potentially leading to a full compromise of the application with high impacts to confidentialit...

9.9CVSS9.2AI score0.00531EPSS
CVE
CVE
added 2022/05/11 2:54 p.m.83 views

CVE-2022-28214

CVE-2022-28214 affects SAP BusinessObjects Enterprise CMS (versions 420 and 430). During an update, authentication credentials are exposed in Sysmon event logs, causing Information Disclosure with high impact to Confidentiality, Integrity, and Availability. The NVD/NVD-derived metrics list CVSSv3...

7.8CVSS7.5AI score0.00167EPSS
CVE
CVE
added 2022/08/09 8:13 p.m.78 views

CVE-2022-32245

CVE-2022-32245 affects SAP BusinessObjects Business Intelligence Platform (Open Document) versions 4.2.0x and 4.3.x (420–430). The root cause is an information-disclosure vulnerability that allows an unauthenticated attacker to retrieve plaintext data over the network, enabling viewing any data f...

8.2CVSS8AI score0.00442EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.72 views

CVE-2022-35296

SAP BusinessObjects Business Intelligence Platform Vulnerability (CVE-2022-35296) affects the Version Management System component. Affected: SAP BO BI Platform versions prior to 4.2 SP9 P10, 4.3 SP2 P7, or 4.3 SP3, where the Version Management System can disclose sensitive information to a remote...

4.9CVSS4.9AI score0.00752EPSS
CVE
CVE
added 2023/03/14 5:3 a.m.71 views

CVE-2023-27894

CVE-2023-27894 affects SAP BusinessObjects BI Platform (Web Services) versions 420 and 430. The issue allows injecting arbitrary values into CMS parameters to perform internal-network lookups, enabling information disclosure and potential follow-on attacks (internal scanning, remote file inclusio...

5.3CVSS5.3AI score0.00617EPSS
CVE
CVE
added 2023/03/14 5:2 a.m.71 views

CVE-2023-27896

CVE-2023-27896 affects SAP BusinessObjects BI Platform versions 420 and 430. The issue is a Server-Side Request Forgery (SSRF) where an attacker can control a malicious BOE server, causing the application server to connect to its own CMS. This leads to a high impact on availability. The descripti...

7.5CVSS6.9AI score0.00524EPSS
CVE
CVE
added 2023/05/09 1:37 a.m.71 views

CVE-2023-31406

The CVE-2023-31406 issue affects SAP BusinessObjects BI Platform versions 420 and 430. It is caused by insufficient input validation, enabling an unauthenticated attacker to redirect users to a malicious/untrusted site via a crafted link. The impact is described as a limited degradation of confid...

6.1CVSS6.2AI score0.00455EPSS
CVE
CVE
added 2023/05/09 1:37 a.m.67 views

CVE-2023-31404

CVE-2023-31404 – SAP BusinessObjects BI Platform, Central Management Service is affected in versions 420 and 430. The issue permits information disclosure where users with certain privileges may access other users’ credentials and restricted data sources due to conditions described in the SAP/BEP...

5CVSS5AI score0.00466EPSS
CVE
CVE
added 2023/09/12 12:55 a.m.67 views

CVE-2023-37489

CVE-2023-37489 affects SAP BusinessObjects Business Intelligence Platform (Version Management System), version 403. The vulnerability arises from lack of input/validation that allows an unauthenticated user to read code snippets via the UI, resulting in low confidentiality impact with no effect o...

5.3CVSS5.4AI score0.00433EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.66 views

CVE-2022-41206

CVE-2022-41206 affects SAP BusinessObjects BI Platform (Analysis for OLAP) versions 4.2.0/4.3.0 (420, 430). The vulnerability arises from accepting user-controlled inputs when OLAP connections are created or edited in the Central Management Console, enabling an authenticated attacker with low pri...

5.4CVSS5.3AI score0.00475EPSS
CVE
CVE
added 2023/08/08 12:46 a.m.66 views

CVE-2023-37490

The CVE-2023-37490 entry concerns SAP Business Objects Installer (versions 420, 430). A network-authenticated attacker can overwrite an executable file created in a temporary directory during installation and replace it with a malicious file, enabling a full compromise of confidentiality, integri...

9CVSS8.3AI score0.00242EPSS
CVE
CVE
added 2019/08/14 1:54 p.m.64 views

CVE-2019-0346

The CVE-2019-0346 entry concerns SAP Business Objects Business Intelligence Platform (Central Management Console) v4.2, where an unencrypted communication error can disclose the list of user names and roles imported from SAP NetWeaver BI systems. The affected component is the Central Management C...

6.5CVSS6.3AI score0.00694EPSS
CVE
CVE
added 2022/09/13 7:24 p.m.64 views

CVE-2022-32244

CVE-2022-32244 describes an authentication-related issue in SAP BusinessObjects BI Platform where an attacker authenticated as a CMS administrator can access and modify data in the BOE Commentary database. Under certain conditions and with high-privilege access on the same physical/logical networ...

5.2CVSS5AI score0.00457EPSS
CVE
CVE
added 2023/08/08 12:49 a.m.64 views

CVE-2023-39440

CVE-2023-39440 (SAP BusinessObjects BI Platform Information Disclosure) Affected product: SAP BusinessObjects Business Intelligence Platform (version 420). Description in provided sources: when a user logs in to a specific program under certain conditions, memory may not be cleared properly, pote...

4.4CVSS4.5AI score0.00107EPSS
CVE
CVE
added 2018/07/10 6:0 p.m.63 views

CVE-2018-2427

Public documents in the provided set do not disclose detailed technical specifics (affected components, root cause, or remediation) for CVE-2018-2427. Monitor for updates.

8.8CVSS8.6AI score0.01732EPSS
CVE
CVE
added 2019/08/14 1:48 p.m.63 views

CVE-2019-0334

CVE-2019-0334 affects SAP BusinessObjects BI Platform (BI Workspace) versions 4.1, 4.2, and 4.3. The issue allows storing a malicious script during module creation, which, when executed, could enable a user to escalate privileges through session hijacking and expose sensitive information via Stor...

5.4CVSS5.5AI score0.00685EPSS
CVE
CVE
added 2021/02/09 8:44 p.m.63 views

CVE-2021-21444

CVE-2021-21444 affects SAP Business Objects BI Platform versions 410, 420, and 430. The vulnerability stems from the response headers containing multiple X-Frame-Options entries, which may not be uniformly respected by all user agents, potentially nullifying the X-Frame-Options header and enablin...

6.1CVSS6.1AI score0.00813EPSS
CVE
CVE
added 2019/03/12 10:0 p.m.61 views

CVE-2019-0269

CVE-2019-0269 describes a cross-site scripting vulnerability in SAP BusinessObjects BI Platform (BI Workspace) affecting versions 4.10 and 4.20 . It results from insufficient encoding of user-controlled inputs , enabling potential execution of arbitrary script in a user’s browser within the affec...

5.4CVSS5.3AI score0.00968EPSS
CVE
CVE
added 2023/05/09 1:34 a.m.61 views

CVE-2023-30741

SAP BusinessObjects BI Platform (versions 420 and 430) is affected by CVE-2023-30741 due to insufficient input validation, enabling an unauthenticated attacker to redirect users to a malicious site and potentially view/modify information, with limited impact on confidentiality and integrity. Reme...

6.1CVSS6.2AI score0.00393EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.60 views

CVE-2022-39800

CVE-2022-39800 - SAP BusinessObjects BI LaunchPad affects SAP BusinessObjects BI LaunchPad versions 420 and 430. The issue is a script execution vulnerability caused by improper sanitization of user inputs during network interaction, exploitable by an unauthenticated attacker to view or modify in...

6.1CVSS6.2AI score0.00583EPSS
CVE
CVE
added 2024/10/08 3:21 a.m.60 views

CVE-2024-37179

SA P BusinessObjects BI Platform Web Intelligence is affected by an authenticated-file-download vulnerability. A logged-in user can send a crafted request to the Web Intelligence Reporting Server to download arbitrary files from the host machine, exposing confidentiality without impacting integri...

7.7CVSS6.8AI score0.00428EPSS
CVE
CVE
added 2025/06/10 12:10 a.m.60 views

CVE-2025-23192

CVE-2025-23192 - SAP BusinessObjects BI Workspace is described as an unauthenticated cross-site scripting (XSS) vulnerability where an attacker can craft and store malicious scripts in a BI workspace; when victims load the workspace, the script can access session data and affect confidentiality (...

8.2CVSS8.2AI score0.00342EPSS
CVE
CVE
added 2019/08/14 1:44 p.m.59 views

CVE-2019-0332

CVE-2019-0332 affects SAP BusinessObjects BI Platform (Info View), versions 4.1, 4.2, and 4.3. The vulnerability allows an attacker to supply a payload as a search keyword, which is executed during the search action, resulting in Cross-Site Scripting (XSS). Root cause: inadequate input handling i...

6.1CVSS5.9AI score0.00807EPSS
CVE
CVE
added 2023/07/11 2:48 a.m.59 views

CVE-2023-36917

SAP BusinessObjects Business Intelligence Platform versions 420 and 430 are affected by an authentication bypass where an attacker who hijacks a user session can brute-force the victim’s old password due to an unrestricted rate limit on the password-change function. The attack, as described in th...

7.5CVSS6.6AI score0.0049EPSS
CVE
CVE
added 2019/03/12 10:0 p.m.58 views

CVE-2019-0268

CVE-2019-0268 affects SAP BusinessObjects Business Intelligence Platform (CMC Module) versions 4.10, 4.20 and 4.30. The root cause is inadequate validation of an XML document received from an untrusted source, exposing an XML External Entity-style weakness. Documents in connected sources corrobor...

8.1CVSS8.1AI score0.022EPSS
CVE
CVE
added 2019/08/14 1:44 p.m.57 views

CVE-2019-0335

SAP BusinessObjects BI Platform Central Management Console (versions 4.1–4.3) is affected by a stored XSS in the user description field. An attacker can store a payload in a user’s description that executes when the mouse hovers over the description in the UI’s info popup. The available documents...

6.1CVSS5.9AI score0.00807EPSS
CVE
CVE
added 2018/08/14 4:0 p.m.56 views

CVE-2018-2442

Summary of CVE-2018-2442 : In SAP BusinessObjects BI (versions 4.0–4.2), viewing a Web Intelligence report from BI Launchpad can reveal session details captured by an HTTP analysis tool, which may be reused in an HTML page while the user session remains valid. This describes a cross‑site request ...

8.8CVSS8.5AI score0.00705EPSS
CVE
CVE
added 2019/08/14 1:55 p.m.56 views

CVE-2019-0348

CVE-2019-0348 affects SAP BusinessObjects Business Intelligence Platform (Web Intelligence) for versions 4.1 and 4.2. The vulnerability involves accessing the database through an unencrypted connection, despite protection expectations that data be encrypted. The connected Red Hat, CNVD, CVE lists...

6.5CVSS6.5AI score0.00688EPSS
CVE
CVE
added 2019/08/14 1:43 p.m.55 views

CVE-2019-0331

SAP BusinessObjects BI Platform (BI Workspace) versions 4.1, 4.2, and 4.3 are associated with CVE-2019-0331, indicating an information disclosure vulnerability where an attacker may access sensitive data such as directory structure. The connected records confirm the affected product and versions ...

5.3CVSS5.2AI score0.01111EPSS
CVE
CVE
added 2021/01/12 2:40 p.m.55 views

CVE-2021-21447

CVE-2021-21447 affects SAP BusinessObjects BI Platform 4.1/4.2 (versions 4.1 < SP12 P9, 4.2 < SP8 P5 or

5.4CVSS5.2AI score0.00529EPSS
CVE
CVE
added 2021/09/15 6:1 p.m.55 views

CVE-2021-33697

CVE-2021-33697 affects SAP BusinessObjects BI Platform SAPUI5 (versions 420 and 430). The issue is a reverse tabnabbing vulnerability allowing an unauthenticated attacker to redirect users to a malicious site. Public exploitation details aren’t provided in the supplied documents. No remediation s...

6.1CVSS6.3AI score0.00562EPSS
CVE
CVE
added 2019/08/14 1:47 p.m.54 views

CVE-2019-0333

CVE-2019-0333 affects SAP BusinessObjects BI Platform (Web Intelligence) in versions 4.2 and 4.3. The root issue is triggered when a client cancels a query, allowing an attacker to query and retrieve the entire data set beyond their authorized security profile, causing information disclosure. The...

6.5CVSS6.4AI score0.01135EPSS
CVE
CVE
added 2018/07/10 6:0 p.m.52 views

CVE-2018-2432

CVE-2018-2432 affects SAP BusinessObjects BI Launchpad and Central Management Console (versions 4.10, 4.20, 4.30). The issue allows an attacker to include invalid data in the HTTP response header sent to a web user, enabling cross-site scripting and page hijacking as stated in the public descript...

5.4CVSS5.2AI score0.00745EPSS
CVE
CVE
added 2018/08/14 4:0 p.m.52 views

CVE-2018-2447

SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence) 4.2 is affected by CVE-2018-2447. The vulnerability allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database. Root cause is not fully detailed in the provided sources, but the impact is d...

6.5CVSS6.5AI score0.01249EPSS
CVE
CVE
added 2023/05/09 1:34 a.m.52 views

CVE-2023-30740

SAP BusinessObjects Business Intelligence Platform versions 420 and 430 are affected by CVE-2023-30740, where an authenticated attacker can access restricted sensitive information, causing high confidentiality impact with limited integrity/availability impact. RedHat and other sources confirm the...

7.6CVSS6.5AI score0.00459EPSS
CVE
CVE
added 2018/11/13 8:0 p.m.51 views

CVE-2018-2473

CVE-2018-2473 affects SAP BusinessObjects Business Intelligence Platform Server (versions 4.1 and 4.2) when using Web Intelligence Rich Client 3-tier gateway. The vulnerability enables an attacker to prevent legitimate users from accessing a service, either by crashing or flooding it, implying a ...

6.5CVSS6.4AI score0.01533EPSS
CVE
CVE
added 2021/09/15 6:1 p.m.51 views

CVE-2021-33696

CVE-2021-33696 affects SAP BusinessObjects Business Intelligence Platform (Crystal Report) with vulnerable versions 420 and 430. The root cause is insufficient encoding of user-controlled inputs, enabling an XSS vulnerability that can cause non-permanent defacement or modification of displayed co...

5.4CVSS5.2AI score0.00458EPSS
CVE
CVE
added 2018/08/14 4:0 p.m.48 views

CVE-2018-2445

CVE-2018-2445 affects SAP BusinessObjects BI Admin Tools in SAP BI Platform (versions 4.1 and 4.2). The vulnerability is a Server-Side Request Forgery (SSRF) allowing an attacker to manipulate the application to send crafted requests on its behalf. CVSS details indicate high impact to confidentia...

9.6CVSS9.1AI score0.01086EPSS
CVE
CVE
added 2018/11/13 8:0 p.m.48 views

CVE-2018-2483

SAP BusinessObjects BI Platform CMC (versions 4.1 and 4.2) is affected by HTTP Verb Tampering caused by how request methods can be manipulated. Vulnerable component: Central Management Console. Reported impact includes bypassing security restrictions and tampering with HTTP verbs. No explicit exp...

4.3CVSS4.7AI score0.00888EPSS
CVE
CVE
added 2018/08/14 4:0 p.m.47 views

CVE-2018-2446

SAP BusinessObjects BI Admin Tools (v4.1, v4.2) contains an information-disclosure issue where an unauthenticated user can read the server name. The root cause and exact impact are described as information disclosure in multiple sources, but the documents do not provide exploit specifics, affecte...

7.5CVSS7.1AI score0.01744EPSS
CVE
CVE
added 2023/05/09 12:53 a.m.46 views

CVE-2023-28762

Affected product: SAP BusinessObjects Business Intelligence Platform (versions 420 and 430). Vulnerability summary: An authenticated attacker with administrator privileges can obtain the login token of any logged-in BI user over the network without user interaction, enabling impersonation of any ...

9.1CVSS7.1AI score0.00709EPSS
CVE
CVE
added 2018/07/10 6:0 p.m.44 views

CVE-2018-2431

SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, contains an XSS vulnerability caused by insufficient encoding of user-controlled inputs. The root cause is improper encoding in the affected web-facing components, enabling cross-site scripting. The connected documents do no...

6.1CVSS5.9AI score0.01016EPSS